Laravel 12 - Role-Based Permissions
Filter

Laravel 12 - Role-Based Permissions

by Souy Soeng /
Share

Laravel 12 - Role-Based Permissions and Controller

This PHP code defines a simple role-based permission system that allows different user roles to perform different actions within a Laravel 12 application. It uses a configuration file to manage roles and their corresponding permissions.

Roles and Permissions Configuration:

The roles configuration (defined in config/roles.php) maps each user role to specific permissions:

  • Admin has permissions to view, edit, and delete.

  • Editor has permissions to view and edit.

  • User has permission to only view.

return [
    'Admin' => ['view', 'edit', 'delete'],
    'Editor' => ['view', 'edit'],
    'User' => ['view'],
];

Controller Usage:

In the controller, we retrieve the current authenticated user's role using Auth::user()->role. Based on this role, we fetch the corresponding permissions from the roles configuration.

For each action (view, edit, delete), the code checks if the current user has the required permission. If they do, an appropriate button is displayed in the HTML. Here's the logic:

  1. View permission: All roles can view, so a "view" button is displayed for everyone.

  2. Edit permission: Only Admin and Editor roles can edit, so the "edit" button is shown to users with these roles.

  3. Delete permission: Only Admin can delete, so the "delete" button is shown only for Admin users.

The buttons are structured with Bootstrap and icons for the following actions:

  • View: Opens a modal to view the user details.

  • Edit: Opens an offcanvas form to edit the user.

  • Delete: Opens a confirmation modal to delete the user.

Example Controller Code:

use Illuminate\Support\Facades\Auth;

// Get the current user's role
$userRole = Auth::user()->role;

// Get the permissions based on the user's role
$permissions = config('roles')[$userRole] ?? [];

$action = '<div class="d-flex gap-2">';

// View permission: All roles can view
if (in_array('view', $permissions)) {
    $action .= '
        <button class="btn btn-info btn-sm userView" data-id="'.$record->id.'" data-bs-toggle="offcanvas" data-bs-target="#viewUser" aria-controls="viewUser">
            <i class="bi bi-eye"></i>
        </button>';
}

// Edit permission: Admin & Editor roles can edit
if (in_array('edit', $permissions)) {
    $action .= '
        <button class="btn btn-warning btn-sm userUpdate" data-id="'.$record->id.'" data-bs-toggle="offcanvas" data-bs-target="#offcanvasRight">
            <i class="bi bi-pencil"></i>
        </button>';
}

// Delete permission: Only Admin can delete
if (in_array('delete', $permissions)) {
    $action .= '
        <button class="btn btn-danger btn-sm userDelete" data-id="'.$record->id.'" data-bs-toggle="modal" data-bs-target="#modalDeleteUser">
            <i class="bi bi-trash"></i>
        </button>';
}

$action .= '</div>';

How It Works:

  • Dynamic Button Display: Only the relevant action buttons will be shown on the front end, depending on the user's role and permissions.

  • Security: This approach ensures that users are only shown buttons for actions they are authorized to perform.

  • Scalability: The configuration-based approach makes it easy to add new roles and permissions without altering the core application logic.

This is an efficient way to implement role-based access control (RBAC) within a Laravel application, ensuring that users only have access to the functionalities they are permitted to use.

Tag
Souy Soeng

Souy Soeng

Our website teaches and reads PHP, Framework Laravel, and how to download Admin template sample source code free. Thank you for being so supportive!

Github

Post a Comment

CAN FEEDBACK
close