jalaf11201

How should I structure authorization for owner, super admin, community admin, and dynamic roles in a Laravel social network?

Hi, I'm creating a basic Laravel social network as my final project and I'm stuck on the authorization structure.

My system's authority levels:

  • super admin (static role, highest authority, has a separate panel)
  • community admin (a user who created a community)
  • normal user
  • dynamic global roles (created by the super admin)
  • dynamic community roles (created by community admins)

First I am wondering how I should separate the controllers for the same actions (like community controllers, post controllers). I want different behavior depending on who deleted the post, community, etc. If the user deletes their own things, they are soft deleted, while if the super admin or others delete them, they get a deleted status and only the user will see them as deleted.

The difficult part is that the same person can have multiple authorities at once: they can be the owner of the post and also the community admin or hold another role in that community. So when they delete a post, I need the system to know in which context they are acting. So I can't just check it with one haveAuthority function.

I'm also unsure how to separate controllers or environments (blades). I have separate controllers for the super admin since they have a different panel. Things got a bit complicated and I don't know how I should handle different levels of authority.

So my main questions are:

  • How should I structure controllers for different authority levels in Laravel?
  • How should I design one authority check system that can handle owner, super admin, community admin, and dynamic roles, or shouldn't I?
  • What is the best way to determine the acting context when one user can have multiple roles at the same time?
  • Where can I learn more about this kind of authorization / authority architecture?

I searched and couldn't find what I need. I'd really appreciate guidance on the architecture or the system. That's the part I'm struggling with the most.

Mainly I have the super admin (static role), community admin (static role), just a user, and dynamic roles, created by super admin (global roles) or community admin (community roles).

1 like
3 replies
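One way to model the acting-context problem from the question, as an added example in PHP (not code from the thread, nor from any package mentioned in it): a service computes every context in which the user may delete the post, lets the UI pass an explicit choice, and derives the deletion behaviour (soft delete for the owner, status flag for admins) from the resolved context. The model and column names and the two permission helpers on User are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed schema: posts.user_id, posts.status,
// posts.deleted_by; Post uses SoftDeletes and belongsTo Community; communities.owner_id.
// User::hasCommunityPermission() / hasGlobalPermission() are hypothetical helpers over your role tables.
namespace App\Services;
use App\Models\Post;
use App\Models\User;
use Illuminate\Auth\Access\AuthorizationException;
enum ActingAs: string
{
    case Owner = 'owner';
    case CommunityAdmin = 'community_admin';
    case SuperAdmin = 'super_admin';
}
class PostDeletionService
{
    // Every context in which $user may delete $post, lowest privilege first.
    public function availableContexts(User $user, Post $post): array
    {
        $contexts = [];
        if ($post->user_id === $user->id) {
            $contexts[] = ActingAs::Owner;
        }
        $community = $post->community;
        if ($community && ($community->owner_id === $user->id
                || $user->hasCommunityPermission($community, 'posts.delete'))) {
            $contexts[] = ActingAs::CommunityAdmin;
        }
        if ($user->hasGlobalPermission('posts.delete')) {
            $contexts[] = ActingAs::SuperAdmin;
        }
        return $contexts;
    }
    // $requested is the context the user picked in the UI ("remove as admin"); it is honoured only if they hold it.
    // Otherwise the lowest-privilege context applies, so an admin deleting their own post gets the owner soft delete.
    public function delete(User $user, Post $post, ?ActingAs $requested = null): ActingAs
    {
        $allowed = $this->availableContexts($user, $post);
        $context = $requested ?? ($allowed[0] ?? null);
        if ($context === null || !in_array($context, $allowed, true)) {
            throw new AuthorizationException('Cannot delete this post in that context.');
        }
        if ($context === ActingAs::Owner) {
            $post->delete(); // SoftDeletes: sets deleted_at, hidden from everyone
        } else {
            $post->update(['status' => 'deleted', 'deleted_by' => $user->id]); // owner still sees it
        }
        return $context;
    }
}
```

A PostPolicy::delete method can simply return `!empty($service->availableContexts($user, $post))`, so controllers keep using `$this->authorize('delete', $post)` while the service decides which behaviour applies.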
vincent15000

I had tried the Spatie Roles & Permissions package, but now I write my own roles and permissions code.

Do you want more details?

1 like
jlrdw

Don't get hung up on the terms. A "Super Admin" means nothing to me except:

They can or cannot do something.

Think like this:

  • Authentication = Logged in
  • Authorization = What they can or cannot do with their role(s)

I have an app where the admin can view but not otherwise mess with bookkeeping.

Learn about query scopes also, that way in a query a user can edit only their data but an admin can view all and edit certain fields.

DO NOT let AI write Authentication and Authorization, do this yourself. Go through the (yes steep) learning curve on this stuff. It gets easier once learned.

In a large app I do use separate controller methods, like:

  • index is general user
  • indexAdmin for admins of course

And separate views. In a smaller app I might not have the separation. This is highly subjective.

Note that the documentation covers this well and there are entire videos on this right here on Laracasts.

2 likes
imranbru

You can use the Spatie Roles & Permissions package, or you can make a custom role system where the admin will be an Admin model and the user will be a User model. Actually, it all depends on what you want.

1 like
