Laravel Spatie middleware using role OR permission

Question

I am using Laravel Spatie package and I have inserted all the permissions that I want and an Admin Role.

What I am trying to do:

I am trying to check in each route whether user is an admin (can do ANYTHING) or not an admin and has a certain permission.

What I have tried:

I have tried to add | sign.

// GET ALL SEASONS
Route::get('/', 'SeasonsController@index')
            -> name('index')
            -> middleware(['role:admin|permission:seasons show active']);

What happened VS expected behavior:

Whenever I log in with a user that has seasons show active permission I get 403 Forbidden.

But if I removed role:admin the user get the permission.

Guillaume Cozic · Accepted Answer · 2019-06-16T10:49:45.263

1

it's preferrable to work with permissions only.

Grant all the permission to your role admin (seasons show active ... and others). Then you will not need role:admin in your middleware.

To grant all permissions on your role admin code like below should do the job

$permissions = \Spatie\Permission\Models\Permission::all()

$role = \Spatie\Permission\Models\Role::where('name', 'admin')->first();

// foreach on permissions
 $role->givePermissionTo($permission);
// end foreach

edited Jun 16 '19 at 10:49

answered Jun 16 '19 at 10:17

Guillaume Cozic

104
4

Yes I have read about that and that what I was thinking about. Is there a way so I could assign all permissions to a certain user? I mean a Spatie Function – AE1995 Jun 16 '19 at 10:34
`$permissions = \Spatie\Permission\Models\Permission::all() $role = \Spatie\Permission\Models\Role::where('name', 'admin')->first(); // foreach on permissions $role->givePermissionTo($permission); // end foreach ` should do the job – Guillaume Cozic Jun 16 '19 at 10:41
Please edit the answer so I could accept it to help others – AE1995 Jun 16 '19 at 10:46

score 0 · Answer 2 · answered Nov 29 '21 at 12:49

you can work with both role and permission by applying on middleware

    //
});

Route::group(['middleware' => ['permission:publish articles|edit articles']], function () {
    //
});

Route::group(['middleware' => ['role_or_permission:super-admin|edit articles']], function () {

You can protect your controllers similarly, by setting desired middleware in the constructor:

{
    $this->middleware(['role:super-admin','permission:publish articles|edit articles']);
}```

Laravel Spatie middleware using role OR permission

2 Answers2