Hi Kodeine, I'm trying to get a handle on this as a Laravel 5 replac

Hello <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-ur

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Question: Permission inheritance? about laravel-acl HOT 4 CLOSED

ssssteve commented on August 22, 2024

Question: Permission inheritance?

from laravel-acl.

Comments (4)

kodeine commented on August 22, 2024

Hello @ssssteve,
You can use @if (Auth::user()->can('view.client'));

When you create permissions for client.as.admin just add another param, inherit_id = id of 'client' permission. So view.client.admin will now be known as view.client since your user will have permission of client.as.admin and links to client permission. We start recognizing user as client (inherited permission) and forget client.as.admin.

I'm sorry I'm not home so I can't write examples since I'm replying you via cell phone. I'll write you examples in few hours.

from laravel-acl.

kodeine commented on August 22, 2024

@ssssteve, Let the example code speak for a better picture.

First we create Roles.

        $roleTeacher = Role::create([
            'name'        => 'Teacher',
            'slug'        => 'teacher',
            'description' => 'Teacher [...]'
        ]);

        $roleStudent = Role::create([
            'name'        => 'Student',
            'slug'        => 'student',
            'description' => 'Student [...]'
        ]);

Now lets create Permissions for Teacher and Student.

        $permissionInternship = Permission::create([
            'name'        => 'internships',
            'slug'        => [ // an array of permissions.
                'create' => true,
                'view'   => true,
                'update' => true,
                'delete' => true,
            ],
            'description' => 'manage internships'
        ]);

        $permissionStudent = Permission::create([
            'name'        => 'internships.student',
            'slug'        => [ // an array of permissions only for student
                'create' => false,
            ],
            // we use permission inheriting.
            'inherit_id' => $permissionInternship->getKey(),
            'description' => 'student internship permissions'
        ]);

Note: inherit_id in internships.student.
since internships.student inherit permissions from internships
we can can forget about internships.student because now we recognize it as internships.
so getPermissions will return array('internships' => [...permissions merged with internships.student...])

Lets assign those permissions to newly created roles.

$roleTeacher->assignPermission('internships');  // or assignPermission($permissionInternship->id)
$roleStudent->assignPermission('internships.student');

And then we can assign those roles to our user.

$user->assignRole($roleTeacher);
$user->assignRole($roleStudent);
//$user->revokeRole('teacher');

Finally, lets do our tests.

// user has teacher and student role
dump($user->can('create.internships')); // results true

// user has teacher role
dump($user->can('create.internships')); // results true

// user has student role
dump($user->can('create.internships')); // results false

dump($user->getPermissions());

EDIT: I have updated the wiki as well.

from laravel-acl.

ssssteve commented on August 22, 2024

Hi @kodeine, thanks very much for your extremely rapid response. That sounds just right, and having just modified my Permissions seeder it seems to work really well.

Just as an added example, I'll mention that I'm doing it slightly differently to your example, which might be somewhat safer. I've set up a top level Permission but set all the permissions to false:

 $clientPermission = Permission::create([
                'name'        => 'client',
                'slug'        => [
                    'create'   => false,
                    'view'     => false,
                    'update'   => false,
                    'delete'   => false,
                    'suspend'  => false
                ],
                'description' => 'Manage client permissions'
            ]);

I can then set specific permissions true on a per role basis:

            Permission::create([
                'name'        => 'client.as.webdev',
                'slug'        => [
                    'create'  => true,
                    'view'    => true,
                    'update'  => true,
                    'delete'  => true,
                    'suspend' => true
                ],
                'inherit_id' => $clientPermission->getKey(),
                'description' => 'Manage client permissions as webdev'
            ]);

            $roleWebdev->assignPermission('client.as.webdev');

and for the lowest level role:

            Permission::create([
                'name'        => 'client.as.viewer',
                'slug'        => [],
                'inherit_id' => $clientPermission->getKey(),
                'description' => 'Manage client permissions as viewer'
            ]);

            $roleViewer->assignPermission('client.as.viewer');

This way permissions are explicitly set if required, and adding a new permission should be inherited safely until overridden for a specific role.

Thanks for your help!

from laravel-acl.

kodeine commented on August 22, 2024

@ssssteve, you're welcome :)

from laravel-acl.

Question: Permission inheritance? about laravel-acl HOT 4 CLOSED

Comments (4)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent