3

I am using Zizaco/entrust laravel package as a ACL Manager for my project.

I know that for limit access to a route group via middlewares and assign a role (or permission) to it, I should do that like this: 

Route::group(['prefix' => 'admin', 'middleware' => ['role:admin']], function() {
    ....
});

But I want to assign separate permission to different routes(methods) of a resource controller.

I know that how can so that for whole resource but I can not implement it for each controller method:

Route::group(['prefix' => 'admin', 'middleware' => ['role:admin']], function() {
        Route::resource('/post', ['middleware' => ['permission:manage-posts'], 'uses' => 'PostController']);

    });

I want to assing this permission to related method :

'post-create' => public function create ()  
'post-edit' => public function edit()

and so on.

Ahmad Badpey
  • 6,348
  • 16
  • 93
  • 159

3 Answers3

11

You can assign middlewares in your controller's constructor:

class Foo extends Conroller
{
    public function __construct() {

        $this->middleware('post-create', ['only' => ['create']]);

        $this->middleware('post-edit', ['only' => ['edit']]);
    }
}
Angad Dubey
  • 5,067
  • 7
  • 30
  • 51
  • I have many models and each have individual resources that those have different methods. do I add middleware for each methods ? are not there another simple and general solution ? – Ahmad Badpey Apr 06 '16 at 17:08
  • @A.B.Developer Middlewares like any other classes should have a single responsibility, you could write some complicated conditional code to make a middleware usable for more than one method but then it will become harder to maintain and expand. – Angad Dubey Apr 06 '16 at 17:43
  • does not seem to be a good answer. this method will need to use one middleware for each methods. Will be too much for the developer – Zahan Safallwa Jul 28 '17 at 08:11
  • @ZahanSafallwa That is what the OP wanted - please read the quesiton: `assign separate middleware to each method of a resource in laravel` – Angad Dubey Jul 31 '17 at 20:12
  • @AngadDubey cant we use single middleware file and just use parameter to place different permission? i think that would be much efficient. otherwise creating a middleware file for each and every method is kinda overhead i guess – Zahan Safallwa Aug 01 '17 at 05:14
  • @ZahanSafallwa you can - but that is not what OP is looking for - OP explicitly wants them to be separate, please read the question ( `But I want to assign separate permission to different routes(methods) of a resource controller` – Angad Dubey Aug 01 '17 at 16:58
0

Imagine you have apiResource units-of-measure. You can assign different middlewares to separate endpoints like this:

Route::middleware('role:seller|buyer')->group(function () {
    Route::apiResource('units-of-measure', UnitOfMeasureController::class)->only('index');
});

Route::middleware('role:seller')->group(function () {
    Route::apiResource('units-of-measure', UnitOfMeasureController::class)->except('index');
});

The index endpoint will be accessible for sellers as well as for buyers. The rest of endpoints are only for sellers.

topvova
  • 71
  • 2
  • 6
-1

you can chain the methods, using the only method. here is an example:

    <?php
    
    namespace App\Http\Controllers;
    
    use App\Models\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Hash;
    use Illuminate\Support\Facades\Storage;
    use Spatie\Permission\Models\Role;
    
    class UserController extends Controller
    {
    
        public function __construct()
        {
            $this->middleware('permission:read-user')->only('index','show');
            $this->middleware('permission:edit-user')->only('edit','update');
            $this->middleware('permission:delete-user')->only('delete');
            $this->middleware('permission:create-user')->only('create','store');
        }
Abilogos
  • 4,777
  • 2
  • 19
  • 39
SapeiIdw
  • 1