New to Laravel. I have done this in Yii and it is pretty much easy. :)

Laravel Version: 5.2
Entrust Version: dev-laravel-5

Let me explain my requirement. I have two roles, Manager and CEO, and they have the following permissions.

In PostController:

1. Role: Manager
   Action: View
2. Role: CEO
   Action: create, edit, delete

I created the roles with the above permissions.

Now let's see what I have done. I created two middleware: RoleCheck to check the role and PermissionCheck to check the permission.

RoleCheck.php

    <?php

    namespace App\Http\Middleware;

    use Closure;

    class RoleCheck
    {
        public function handle($request, Closure $next)
        {
            // Get the required roles from the route
            $roles = $this->getRequiredRoleForRoute($request->route());

            // Check if a role is required for the route, and
            // if so, ensure that the user has that role.
            // The "no role required" test runs first, and a missing user is
            // rejected instead of calling hasRole() on null.
            if (!$roles || ($request->user() && $request->user()->hasRole($roles))) {
                return $next($request);
            }

            // Return the error view with a 401 status rather than the default 200
            return response()->view('errors.401', [], 401);
        }

        public function getRequiredRoleForRoute($route)
        {
            // 'roles' is the custom key set on the route or route group
            $actions = $route->getAction();

            return isset($actions['roles']) ? $actions['roles'] : null;
        }
    }
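
PermissionCheck.php

    <?php

    namespace App\Http\Middleware;

    use Closure;

    class PermissionCheck
    {
        public function handle($request, Closure $next, $permission = null)
        {
            // $permission is the name passed after the colon, e.g. permission:can_view
            if (\Auth::user()->can($permission)) {
                return $next($request);
            }

            // Return the error view with a 401 status rather than the default 200
            return response()->view('errors.401', [], 401);
        }
    }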

Now I added these middleware to Kernel.php in the routeMiddleware array:

    'role' => Middleware\RoleCheck::class,
    'permission' => Middleware\PermissionCheck::class

Now, to authenticate the role, I have added:

    Route::group(['middleware' => ['auth','role']], function () {
        Route::resource('posts', 'PostsController');
    });

This works perfectly, but I can't authenticate users by the permissions given in their role.

In PostController.php

    public function __construct()
    {
        $this->middleware('auth');
        // 'only' takes an array when several actions share one permission
        $this->middleware('permission:can_view', ['only' => 'show']);
        $this->middleware('permission:can_create_post', ['only' => ['create', 'store']]);
        $this->middleware('permission:can_update_post', ['only' => ['edit', 'update']]);
        $this->middleware('permission:can_delete_post', ['only' => 'destroy']);
    }

and route.php

    Route::group(['middleware' => 'web','permission'], function () {
        Route::resource('posts', 'PostsController');
    });

This works perfectly. But this authentication is based on permission. Now I want to authenticate based on the given role, so I tried to change the route:

    Route::group(['middleware' => ['web','role'],'roles'=>['Manager','CEO']], function () {
        Route::resource('posts', 'PostsController');
    });

and removed the __construct() function. But here I face a problem. A user with Role
can access all actions which are not assigned to him, and a user with Manager
can also access all actions which are not assigned to him.

How do I do that? How can I authenticate the permissions assigned in a role? I am now totally confused between middleware and authentication. Any help please.
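
Added example, not part of the original post and not Laravel or Entrust code: a stand-alone PHP model of the two checks described above, using the post's roles and permission names. It shows why a route-level role list admits both roles to every action while a per-action permission lookup does not; the function names and the deny-by-default rule for unmapped actions are assumptions.

```php
<?php
// Added illustration in plain PHP 7+; nothing here calls Laravel or Entrust.

// Role grants as listed in the post.
const ROLE_PERMISSIONS = [
    'Manager' => ['can_view'],
    'CEO'     => ['can_create_post', 'can_update_post', 'can_delete_post'],
];

// Controller action => permission, following the post's __construct().
const ACTION_PERMISSION = [
    'show'    => 'can_view',
    'create'  => 'can_create_post',
    'store'   => 'can_create_post',
    'edit'    => 'can_update_post',
    'update'  => 'can_update_post',
    'destroy' => 'can_delete_post',
];

// Role-only gate: the check a 'roles' => ['Manager','CEO'] route group performs.
function roleGate(array $userRoles, array $allowedRoles): bool
{
    return count(array_intersect($userRoles, $allowedRoles)) > 0;
}

// Per-action gate: one of the user's roles must grant the permission mapped
// to the action. Unmapped actions are denied (assumption: deny by default).
function permissionGate(array $userRoles, string $action): bool
{
    if (!array_key_exists($action, ACTION_PERMISSION)) {
        return false;
    }
    $needed = ACTION_PERMISSION[$action];
    foreach ($userRoles as $role) {
        $granted = array_key_exists($role, ROLE_PERMISSIONS) ? ROLE_PERMISSIONS[$role] : [];
        if (in_array($needed, $granted, true)) {
            return true;
        }
    }
    return false;
}

// Print the decision of each gate for every role/action pair.
foreach (array_keys(ROLE_PERMISSIONS) as $role) {
    foreach (array_keys(ACTION_PERMISSION) as $action) {
        printf("%-8s %-8s role-only=%-5s per-action=%s\n", $role, $action,
            roleGate([$role], ['Manager', 'CEO']) ? 'allow' : 'deny',
            permissionGate([$role], $action) ? 'allow' : 'deny');
    }
}
```

The role-only column is "allow" on every row, which is the behaviour the post reports; the per-action column allows only the actions each role was granted.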