Automate Entrust permission by accessing the Route name parameters and checking the user's permission
I have implemented Entrust Roles as an ACL layer. Now I'm planning to automate the permission check for each request so that I don't have to write the permission for each user role every time.

E.g. I have a company resource, and a user with role 'admin' can only view a company, while another user with role 'super' can manage a company. In the database I have given them the appropriate permissions, but in the middleware that checks their permission I am planning to achieve this:

If the URL is localhost/company/create, the permission in the DB will be create_company, and the currently logged-in user will be checked against this permission.

$user->can('create_company')  OR
$user->can(['create_company', 'view_company']);

Que1: Is it possible to achieve this with middleware, where route names (e.g. company.create, company.show) are accessible (so that dots are replaced with '_' and we can check the permission)? How?

Que2: Is this a nice approach to achieve automatic role checking, or is there some other better approach?

Any help/suggestion would be highly appreciated.

Yearling answered 14/5, 2015 at 10:59 Comment(0)
Well, I found the answer and to some extent I have made automated permission testing. I have created a function in the Authenticate.php middleware:

// Derive the permission name from the HTTP method and URL segments, e.g.
// GET /company -> view_company, GET /company/create -> create_company,
// GET /company/5 -> show_company, GET /company/5/edit -> edit_company,
// POST /company -> create_company, PUT|PATCH /company/5 -> edit_company,
// DELETE /company/5 -> delete_company. Returns '' when nothing matches;
// an empty name does not match any real permission, so unmatched requests
// are denied by the caller rather than allowed.
public function autocheckroles($request)
{
    $perms = '';
    // First URL segment is the resource name, used as the permission suffix
    $delimiter = '_'.$request->segment(1);
    if($request->isMethod('GET')){
        if(is_numeric($request->segment(2)) && is_null($request->segment(3))){
            $perms = 'show'.$delimiter;       // GET /resource/{id}
        }
        elseif($request->segment(3) == 'edit' &&
            is_numeric($request->segment(2))){
            $perms = 'edit'.$delimiter;       // GET /resource/{id}/edit
        }
        elseif ($request->segment(2) == 'create'){
            $perms = 'create'.$delimiter;     // GET /resource/create
        }
        elseif(is_null($request->segment(2)) && is_null($request->segment(3)) &&
            ! is_null($request->segment(1))){
            $perms = 'view'.$delimiter;       // GET /resource
        }
    }
    elseif($request->isMethod('POST')){
        if($request->segment(1)){
            $perms = 'create'.$delimiter;     // POST /resource
        }
    }
    elseif($request->isMethod('DELETE')){
        $perms = 'delete'.$delimiter;         // DELETE /resource/{id}
    }
    elseif($request->isMethod('PUT') || $request->isMethod('PATCH')){
        if($request->segment(1)){
            $perms = 'edit'.$delimiter;       // PUT|PATCH /resource/{id}
        }
    }
    return $perms;
}

This returns me the permission based on the request method, e.g. create_perm OR create_role OR edit_role. This way, I don't have to write each and every permission in the middleware. It will check automatically based on the request.

// Placed inside handle($request, Closure $next) after the existing guest/login
// check, so \Auth::user() is never null here. Needs
// `use Illuminate\Http\RedirectResponse;` at the top of the middleware.
// Check for the user role and automate the role permission
$perform_action = $this->autocheckroles($request);
// Super Admin with id number 1 doesn't require any permission
if((\Auth::user()->id == '1') || \Auth::user()->can($perform_action)){
    return $next($request);
}
else
{
    \Session::flash('flash_message', 'You are not authorized for this page.');
    return new RedirectResponse(url('/home'));
}

This way, if the user is not authorized he will be redirected to the Dashboard (home) page, and the super user won't face any such authentication, so he is excluded.

Yearling answered 22/5, 2015 at 9:24 Comment(1)
Tarunn, the edit I made was to remove noise from your answer. Some salutations are automatically removed; others, like this, are left for editors to tidy while preserving the info in the post. Stack Overflow isn't a forum; there is no need to ask people to respond with better answers, as there is always an open invitation for that. With "thanks" in it, your answer shows up on a list of posts that may deserve deletion; my edit is intended to preserve your answer. If you want to keep it as-is, that's your choice.
Illustrate
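An added example, not code from the original question or answer: the route-name variant asked about in Que1, written as a Laravel 5 middleware that derives the Entrust permission from `$request->route()->getName()` (company.create -> create_company) instead of parsing URL segments, and denies the request whenever no permission can be derived. The class name `AutoPermission`, the `superadmin` role and the `<verb>_<resource>` permission names are assumptions.

```php
<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Assumed names (not from the original post): class AutoPermission, role
// 'superadmin', and DB permissions named <verb>_<resource>, e.g. create_company.
class AutoPermission
{
    // Resource-route action => permission verb. Anything not listed fails closed.
    private static $verbs = [
        'index'   => 'view',
        'show'    => 'show',
        'create'  => 'create',
        'store'   => 'create',
        'edit'    => 'edit',
        'update'  => 'edit',
        'destroy' => 'delete',
    ];

    // "company.create" -> "create_company"; "admin.company.edit" -> "edit_admin_company";
    // null for unnamed routes or unknown actions, so the caller must deny.
    public static function permissionFor($routeName)
    {
        if (!is_string($routeName) || strpos($routeName, '.') === false) {
            return null;
        }
        $parts    = explode('.', $routeName);
        $action   = array_pop($parts);      // last dotted segment is the action
        $resource = implode('_', $parts);   // remaining segments name the resource
        if (!isset(self::$verbs[$action]) || !preg_match('/^[a-z0-9_]+$/', $resource)) {
            return null;
        }
        return self::$verbs[$action] . '_' . $resource;
    }

    public function handle(Request $request, Closure $next)
    {
        $route      = $request->route();
        $permission = self::permissionFor($route ? $route->getName() : null);
        $user       = $request->user();
        // Deny when not logged in, when no permission could be derived, or when the
        // user lacks it. Super admin is a role, not a hard-coded user id.
        if ($user === null || $permission === null
            || !($user->hasRole('superadmin') || $user->can($permission))) {
            abort(403, 'You are not authorized for this page.');
        }
        return $next($request);
    }
}
```

Register it in the route middleware array and apply it to the resource routes; a route without a name or with a non-resource action is refused with 403 rather than silently allowed.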
