0

I am using Laravel Spatie package and I have inserted all the permissions that I want and an Admin Role.

What I am trying to do:

I am trying to check in each route whether user is an admin (can do ANYTHING) or not an admin and has a certain permission.

What I have tried:

I have tried to add | sign.

// GET ALL SEASONS
Route::get('/', 'SeasonsController@index')
            -> name('index')
            -> middleware(['role:admin|permission:seasons show active']);

What happened VS expected behavior:

Whenever I log in with a user that has seasons show active permission I get 403 Forbidden.

But if I removed role:admin the user get the permission.

apokryfos
  • 38,771
  • 9
  • 70
  • 114
AE1995
  • 372
  • 5
  • 17

2 Answers2

1

it's preferrable to work with permissions only.

Grant all the permission to your role admin (seasons show active ... and others). Then you will not need role:admin in your middleware.

To grant all permissions on your role admin code like below should do the job

$permissions = \Spatie\Permission\Models\Permission::all()

$role = \Spatie\Permission\Models\Role::where('name', 'admin')->first();

// foreach on permissions
 $role->givePermissionTo($permission);
// end foreach 
  • Yes I have read about that and that what I was thinking about. Is there a way so I could assign all permissions to a certain user? I mean a Spatie Function – AE1995 Jun 16 '19 at 10:34
  • `$permissions = \Spatie\Permission\Models\Permission::all() $role = \Spatie\Permission\Models\Role::where('name', 'admin')->first(); // foreach on permissions $role->givePermissionTo($permission); // end foreach ` should do the job – Guillaume Cozic Jun 16 '19 at 10:41
  • Please edit the answer so I could accept it to help others – AE1995 Jun 16 '19 at 10:46
0

you can work with both role and permission by applying on middleware

    //
});

Route::group(['middleware' => ['permission:publish articles|edit articles']], function () {
    //
});

Route::group(['middleware' => ['role_or_permission:super-admin|edit articles']], function () {

You can protect your controllers similarly, by setting desired middleware in the constructor:

{
    $this->middleware(['role:super-admin','permission:publish articles|edit articles']);
}```
HabteSoft
  • 101
  • 1
  • 2