I've installed Permission Manager for the Backpack CRUD package. It lets me implement permissions, roles and users, but there's no example of where to put the code that validates that a user satisfies the requirements.
For example: I added the code below inside the setup() function in my equipment controller and it shows an error. Should I use middleware in the routes?
I recently created the middleware:

    class RoleMiddleware
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next, $role, $permission)
        {
            // dd($request->user());
            // if (!Auth::user()->hasRole($role)) {
            //     Alert::add('error', 'You do not have necessary authorization to access to the page')->flash(); return redirect('home');
            // }
            // dd($request->user());
            if (Auth::guest()) {
                return redirect(url(config('backpack.base.route_prefix').'/login'));
            }
            dd($request->user()->hasRole($role)); // checks whether the user has the administrator role
            if (!$request->user()->hasRole($role)) {
                Alert::info('You do not have necessary authorization to access to the page Role');
                // abort(403);
            }
            if (!$request->user()->can($permission)) // checks whether the user has the back_end permission
            {
                Alert::error('You do not have necessary authorization to access to the page Permission');
                abort(403);
            }
            return $next($request);
        }
    }

My routes:

    Route::group(['middleware' => ['admin', 'role:admin,access_backend']], function () {
        CRUD::resource('equipos', 'EquiposCrudController');
        CRUD::resource('regiones', 'RegionesCrudController');
        CRUD::resource('parametros', 'ParametrosCrudController');
        CRUD::resource('estaciones', 'EstacionesCrudController');
    });

What if I have a user Editor that has 1 role "Edit" and the permissions "back_end" and "edit"? Having the middleware set up like that only accepts my Editor user if it complies with the admin role, right? Should I add the admin role to my Editor user as well? The problem is that the admin role has permission to everything.
I intend to implement the code below dynamically on each controller, instead of asking for every role. Any alternatives?

    class EquiposCrudController extends CrudController
    {
        public function setup() {
            if ($user->hasRole('editor')) {
                $this->crud->denyAccess(['create', 'delete']);
            }
            if ($user->hasRole('usuario')) {
                $this->crud->denyAccess(['create', 'delete', 'update']);
            }
        }
    }
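
An added example, not part of the original post: a route middleware that admits a user holding any one of several roles and denies by default, so an editor does not need the admin role to reach the back end. The class name `AnyRoleMiddleware`, the `anyrole` alias, the `App\Http\Middleware` namespace and the pipe-separated role list are assumptions made for illustration; `hasRole()`, `can()`, `Auth::guest()` and the login redirect are the calls already used in the post.

```php
<?php

namespace App\Http\Middleware; // assumed location (Laravel default)

use Closure;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware; register it under an alias such as 'anyrole'
// and use it as: 'anyrole:admin|editor,access_backend'
class AnyRoleMiddleware
{
    /**
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param string $roles pipe-separated role names, e.g. "admin|editor"
     * @param string|null $permission permission every admitted user must also hold
     * @return mixed
     */
    public function handle($request, Closure $next, $roles, $permission = null)
    {
        if (Auth::guest()) {
            return redirect(url(config('backpack.base.route_prefix').'/login'));
        }

        $user = $request->user();

        // Laravel splits middleware parameters on commas, so the roles
        // travel in one parameter and are split here on "|".
        $accepted = array_filter(array_map('trim', explode('|', $roles)));

        $hasAcceptedRole = false;
        foreach ($accepted as $role) {
            if ($user->hasRole($role)) {
                $hasAcceptedRole = true;
                break;
            }
        }

        // Deny by default: an empty role list or no matching role stops the request.
        if (!$hasAcceptedRole) {
            abort(403);
        }

        // The permission check applies to every role, not only to admin.
        if ($permission !== null && !$user->can($permission)) {
            abort(403);
        }

        return $next($request);
    }
}
```

The middleware only decides who may enter the route group; per-operation limits such as `denyAccess(['create','delete'])` still belong in each controller.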