1

This is my idea not just to have groups of users, but also groups of permissions. Here is how the database schema looks: database schema

I define my database relations as these :

userModel.php

public function roles()
{
    return $this->belongsToMany('App\Models\RoleModel', 'role_member', 'user_id', 'role_id');
}

roleModel.php

public function permissions(){
    return $this->belongsToMany('App\Models\PermissionModel' , 'role_permission' , 'role_id' , 'permission_id');
}

I should have my middleware to pass permission and decide to deny or access base on route or view that requested. Any idea to have Auth::user permissions array and decline duplicate value, or any idea to do that in a better way?

Rasclatt
  • 12,498
  • 3
  • 25
  • 33
movAhed
  • 73
  • 1
  • 2
  • 14

1 Answers1

0

finally i do this think is OK. any better solutions?

public function permissions()
{
    $user_permissions = [];
    foreach ($this->roles as $role){
        foreach ($role->permissions as $permission)
        {
            array_push($user_permissions , $permission->permission);
        }
    }
    $user_permissions = array_unique($user_permissions);
    return $user_permissions;
}

This is middleware I use to check auth user access level.

public function handle($request, Closure $next , $param)
{
    $user_permissions = Auth::user()->permissions();
    if (in_array($param , $user_permissions))
        return $next($request);
    return abort(403);
}

now define middleware as AccessLevel middleware , use it every where such as routes and send param like this. Route::post('create_new_profile', 'AdminProfileController@create', ['middleware' => 'AccessLevel:create_new_profile']);

movAhed
  • 73
  • 1
  • 2
  • 14