2

I am using this package https://github.com/spatie/laravel-permission for roles and permissions. In my application i have several roles like:

  1. Users
  2. Employers
  3. Shop owners
  4. Vendors

Depending on the level of trust i want each person in a specific role to have access to specific permissions only. For a user of role user with id 7 i want him or her to have permissions editor,'shopping` and no other permission.

Another user of id 65 in the same role user can have editor,'shopping,'edit profile,'view maps' permissions.

When i look at the docs https://docs.spatie.be/laravel-permission/v3/basic-usage/role-permissions/

can a user in a specific role be given a permission different from another user in the same role?

Gandalf
  • 1
  • 29
  • 94
  • 165

3 Answers3

4

like this.?

specific user role and permission you can manage

$user = User::find(7);

$user->assignRole("user"); // assign role to that user

$user->givePermissionTo(['editor','shopping']); // for giving permission to user

$user->revokePermissionTo(['editor','shopping']); // for revoke permission to user


$user = User::find(65);

$user->assignRole("user"); // assign role to that user

$user->givePermissionTo(['editor','shopping','edit profile']); // for giving permission to user

$user->revokePermissionTo(['editor','shopping','edit profile']); // for revoke permission to user
Kamlesh Paul
  • 11,778
  • 2
  • 20
  • 33
  • This will not do what the op wants, If you apply the permission to the role every user with that role will have have that permission. – Remul Jan 29 '20 at 12:10
  • @Remul i think he said user `7` will be having diffrent permission and user `65` will be having diffrent permission and both role is same `user` – Kamlesh Paul Jan 29 '20 at 12:12
  • @KamleshPaul Yes thats what i said. Same role but different permissions. – Gandalf Jan 29 '20 at 12:12
  • @Gandalf i hope it is working for you just you need to create role relationship as by default spatie comes with many to many user roles relationship – Kamlesh Paul Jan 29 '20 at 12:14
  • @KamleshPaul I shall try this out. – Gandalf Jan 29 '20 at 12:15
  • @Gandalf great ^_^ – Kamlesh Paul Jan 29 '20 at 12:16
  • @KamleshPaul Yes but your code does not do that, you are applying the permissions to the role instead of the user, so every user with that role will have those permissions. – Remul Jan 29 '20 at 12:18
1

You can use Direct Permissions for this.

From the docs:

A permission can be given to any user:

$user->givePermissionTo('edit articles');

// You can also give multiple permission at once
$user->givePermissionTo('edit articles', 'delete articles');

// You may also pass an array
$user->givePermissionTo(['edit articles', 'delete articles']);

A permission can be revoked from a user:

$user->revokePermissionTo('edit articles');

//Or revoke & add new permissions in one go:    
$user->syncPermissions(['edit articles', 'delete articles']);

In your case:

// assign the role to the user
$user->assignRole('user');

// assign the permissions to the user
$user->givePermissionTo(['editor', 'shopping', 'edit profile', 'view maps']);
Remul
  • 7,874
  • 1
  • 13
  • 30
0

To remove a role, and not the Permissions, you can execute:

User::find(1)->removeRole('admin');

We are removing (revoking) the role 'admin' to the user with id 1.

This is done using the interactive shell with tinker. To enter in Tinker execute:

php artisan tinker

Then you can find and modify entities:

enter image description here

In fact we can see here that the user has no more the role 'admin';

But still the role 'user', that is the basic.

enter image description here

RobyB
  • 684
  • 2
  • 11
  • 19