skip to Main Content

I’m developing a Laravel application that requires different levels of access for different users, such as admins, editors, and regular users.

What is the best way to implement a roles and permissions system in Laravel ?

2

Answers


  1. check spatie/laravel-permission package.
    its the best way 🙂

    Login or Signup to reply.
  2. Implementing roles and permissions in a Laravel application can be done efficiently using the Laravel package spatie/laravel-permission. This package provides a straightforward way to manage roles and permissions. Here are the steps to set it up:

    1. Install the Package:

    composer require spatie/laravel-permission
    

    2. Publish the Migration and Configuration:

    php artisan vendor:publish --provider="SpatiePermissionPermissionServiceProvider"
    

    This will create the permission.php configuration file and migration files for roles and permissions tables.

    3. Define Roles and Permissions:

    You can define roles and permissions either in a seeder or through artisan tinker. Here’s an example using a seeder:

    // database/seeders/RolePermissionSeeder.php
    
    namespace DatabaseSeeders;
    
    use IlluminateDatabaseSeeder;
    use SpatiePermissionModelsRole;
    use SpatiePermissionModelsPermission;
    
    class RolePermissionSeeder extends Seeder
    {
        public function run()
        {
            // Create roles
            $adminRole = Role::create(['name' => 'admin']);
            $editorRole = Role::create(['name' => 'editor']);
            $userRole = Role::create(['name' => 'user']);
    
            // Create permissions
            $permissions = [
                'edit articles',
                'delete articles',
                'publish articles',
                'unpublish articles',
            ];
    
            foreach ($permissions as $permission) {
                Permission::create(['name' => $permission]);
            }
    
            // Assign permissions to roles
            $adminRole->givePermissionTo(Permission::all());
            $editorRole->givePermissionTo(['edit articles', 'publish articles', 'unpublish articles']);
            $userRole->givePermissionTo('edit articles');
        }
    }
    

    Run the seeder to populate the roles and permissions.

    php artisan db:seed --class=RolePermissionSeeder
    

    4. Middleware for Role and Permission Checks:

    Use middleware to protect your routes based on roles and permissions.

    // In your routes/web.php or routes/api.php
    
    Route::group(['middleware' => ['role:admin']], function () {
        Route::get('/admin', [AdminController::class, 'index']);
    });
    
    Route::group(['middleware' => ['permission:edit articles']], function () {
        Route::get('/edit-article', [ArticleController::class, 'edit']);
    });
    

    5. Blade Directives for Role and Permission Checks:

    @role('admin')
        <p>This is visible to users with the admin role.</p>
    @endrole
    
    @can('edit articles')
        <p>This is visible to users with permission to edit articles.</p>
    @endcan
    

    By following these steps, you can efficiently implement a robust roles and permissions system in your Laravel application using the spatie/laravel-permission package. This allows you to manage user access levels with ease and flexibility.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search