3

Let's say we have a simple SaaS that offers two types of plans. For example, in the cheapest plan you can create 20 lists at maximum and in the next plan you can create up to 50 lists. This is just one feature of the pricing model. Assuming the pricing model is based on 4-5 different features for each plan, what would be a good practice to check and enforce those restrictions?

I guess the (messy) way would be to add a bunch of 'ifs' at different points, e.g. if $user->plan->limitReached, do this, etc.

Maybe another approach would be to throw some kind of events on user actions and handle the checks in a more 'centralized' way? What are your thoughts on this scenario? Any suggestions would be appreciated. Thank you.

nteath
  • In general do not code such limits, use a configuration catalog instead. Apart from that: this is not a question that is well suited for the Q&A style used on this site since answers would hold personal preferences. – arkascha Nov 28 '16 at 10:38
  • Yeah, I guess this is not the most suitable place for this kind of question but I didn't get any answers elsewhere (Reddit & Laracasts). Thank you for your response though. – nteath Nov 28 '16 at 10:41
  • I would use some kind of ACL where you simply check `$acl->isAllowed('resource', 'privilege');` – NiMeDia Nov 28 '16 at 11:14
  • I'm facing the same situation, and I'd give a try using Gate or authorizes(), but still feeling like mixing things up with my app domain. I found [this package](https://github.com/theseanstewart/Plan-Config) and it looks like I'll be able to get a clean solution for now. – alariva Nov 29 '16 at 01:10
  • @nteath I finally [got it implemented](https://github.com/timegridio/timegrid/commit/c2c8a767881fa7cb9b9fe0127d480e3a6a612fc0). Hope this helps for some guidance. – alariva Nov 29 '16 at 01:46
  • @alariva Thanks for the help. Your suggestion helped me get started – nteath Nov 29 '16 at 10:15
  • I will send a PR today, meanwhile you can use [my fork](https://github.com/alariva/Plan-Config), note that I have added a repositories parameter in my composer.json and specified `dev-patch` for version. – alariva Nov 29 '16 at 10:23

1 Answer

0

Laravel 5.3 has a feature called Policies.

With those, you can create complex logic to allow or deny a request or anything, really, to the user.

It's the official Laravel-way to authorize a user action.

It also allows you to declutter your user models and controller classes and re-use code.

Felix Lebel
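
An added example, not code from the question, the answer or any linked package: the plan limits kept in one catalog and enforced through a single policy-style check that fails closed. It is plain PHP 8 rather than a Laravel class; `PLAN_LIMITS`, `User`, `PlanPolicy`, the plan names and the `projects` feature are assumptions, and only the 20/50 list limits come from the question.

```php
<?php
declare(strict_types=1);

// Constructed plan catalog: limits live in configuration, not in scattered ifs.
// 'lists' => 20/50 is from the question; 'projects' is a made-up second feature.
const PLAN_LIMITS = [
    'basic' => ['lists' => 20, 'projects' => 3],
    'pro'   => ['lists' => 50, 'projects' => 10],
];

// Hypothetical user model: plan name plus current usage per feature.
final class User
{
    public function __construct(public string $plan, public array $usage = []) {}
}

// Hypothetical policy class: the one place where plan limits are decided.
final class PlanPolicy
{
    public function __construct(private array $catalog) {}

    // May $user create one more item of $feature?
    // Unknown plans or features are denied (fail closed).
    public function canCreate(User $user, string $feature): bool
    {
        $limit = $this->catalog[$user->plan][$feature] ?? null;
        if (!is_int($limit)) {
            return false;
        }
        return ($user->usage[$feature] ?? 0) < $limit;
    }

    // Call in every server-side write path; throws rather than returning a flag
    // that a caller could forget to check.
    public function authorize(User $user, string $feature): void
    {
        if (!$this->canCreate($user, $feature)) {
            throw new DomainException("Plan '{$user->plan}' does not allow another '{$feature}'");
        }
    }
}

$policy = new PlanPolicy(PLAN_LIMITS);
$basic  = new User('basic', ['lists' => 20]); // constructed: already at the limit
$pro    = new User('pro', ['lists' => 20]);   // constructed: same usage, higher plan

var_dump($policy->canCreate($basic, 'lists'));
var_dump($policy->canCreate($pro, 'lists'));
var_dump($policy->canCreate($pro, 'exports')); // feature missing from the catalog
```

In a real application the usage count should be read from the database in the same transaction as the insert, otherwise concurrent requests can each pass the check and push the account past its limit.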