Videos like these give me hope. Reading through the docs is one thing but seeing a practical way of using it is another. You and Code with Dary are the best channels to learn laravel
0:50 - 1st Example: Separate views 5:20 - 2nd Example: Gates with static roles and permissions 8:25 - 3rd Example: Policies Don't mind me, I find myself on this video often.
Good catch, only a few days ago I scratched my head wondering why Gate::check always returned false, when the logic inside the gate was definitely permissive. I figured out that you had to be authenticated in order to even reach that logic.
Not often you find videos regarding concepts without implementations, very cool. I didn't want to follow a tutorial about integrating any of this systems without knowing what each can do so thanks for sharing this type of videos.
Every now and again I view your videos to check my knowledge in Laravel or to better understand some concepts and you always are a guarantee! Through the years I became a better Laravel developer thanks to your videos. You're a great teacher and developer. Cheers from Italy ❤
I can't thank you enough. I'm a beginner , Your suggestions,tips helped me grow so fast. My codes are better than before , my understanding has increased. You have boosted and cleared my confusions like so easy with every practical examples. I have completed Advance Beginner path within 4 months from since I installed Laravel on my pc, done some small solo projects for practice. I'm about to join as a Jr. Software Engineer. Soon gonna join your paid courses. Thank You so much . and also I hate X-slot in breeze :) but you made my day with that explanation video how you reverse engineered it , i tried it myself but I couldn't finish it because of some terms that i was unclear.
Hello, such a nice explanation, just one thing I know and I'm sure many Laravel programmers wonder, is when to use authorization in gates/policies and when to use middlewares, like if we have a middleware, why call $this->authorize in the controller? actually why are there 2 methods in the first place, when to use what? please make a short video about this because I'm telling you, many Laravel users fall into this question, I know yes in small projects this detail may not be important, but the bigger the project I think these details can have a significant impact on best practices that allow scalability. Thanks
Superb video! I watched 5 mint duration and continue watching. Separate controller for User and Admin, Middleware and route structure all concept is informative. I am working on a project based on Online Exhibitions where we have Admin, User, Organizer, Exhibitor, Speaker, and visitor roles while watching this video I'm summarizing the future plan about project structure. Thank you Povilas Sir.
You can also use Gates in 'can' middleware: Route::get('/admin', function () { // Code to be executed if the user has the 'create-tasks' permission })->middleware('can:create-tasks');
Policies are one of my favorite features of Laravel. I was never sure if I should use gates instead, but I do like the grouping, so yeah I'll continue to use policies. Also, you shouldn't use auth() in the policy because you already have $user
@@reikosama1 Yeah but that would only mean you don't have to check the $user being null. You'd still want to check against IDs if appropriate (e.g. Editing records owned by someone)
Congratz on the channel, it is one of the best I found about Laravel. I thought about asking how you deal with business related validation rules. In one of my projects, I develop a platform where you can advertise your real estate properties. Basically, you choose a plan that has a membership fee and a monthly fee. Apart from that, you optionally buy other services together with the plan . For now, you can only hire one plan per order. So, the order model is basically {id, plan_id, property_id, ...} and then there is a pivot table to link service items. Thing is, there is a requirement to allow the user to delete an order only if the order is either just created and not yet paid or the payment has failed, and similarly to only delete a property if it has no open orders. Where would you put this validation?
Another great video! I have not been watching Policy course yet, but I think here (in tube), I can suggest something to part 2 (Gates): In my projects, I group gates by roles and actions - i.e. gate for admin, gate for manager (and admin), gate for author (admin and author) and just using separte route files. In every one route file - group routes by middleware. I.e. for admin gate (Gate::define('admin' ..)) - route file will be web-admin.php and in the file - Route::group(['middleware' => ['can:admin']], fn...). In this way is not necessary to add authorize line in each method. I don't know - is this right or not, but think is more visible and escaped the point if we forget about authorize line. Thank You for all of Your videos! Thank You and for your courses! They are so usefull even for advanced laravel developer!
we can use polymorph on users table with the different user's types and create a table on every user type to associate that with the 'useable' morph field
Thanks a lot for helpful videos. I have a question. We have implemented LDAP record package, and our company employees can log in into system using their domain credentials without registration. How I can add Spatie roles and permissions for those users with keeping LDAP login mechanism? Is it possible?
Hi, What is the best solution for multiple authentication in laravel ? Using multiple table with guard eg default users table for frontend users and admins table for backend users (Note: in backend there is users with role.) Adding is_admin field in default users table. And add the middleware for admin or user. Please suggest.
Thank you very much, my controller was a mess validating all this stuff without any technique! What you think about creating a RoleEnum instead of consts inside the model?
Good, i will use it. But in role model, some kind of bad naming maybe in constants, when you use IS_ it says that is boolean. Maybe Role::Admin more better
Very interesting video, I sometimes wonder why not Taylor make a little modification to default users table and add 'is_admin' field by default, because now this has become a very popular question and a request. Can you make a details videos on how to use 'Gates & Policy'. 🔥🔥 Thank you very much for all the free videos.
At 10:00, in TaskController at the public function store, is it mandatory to have the part of Task::create($request ...) or can we have a $this->validate function?
Interesting way of checking the permissions. I check my premissions inside the construct and use the default permissions middleware: function __construct() { $this->middleware('permission:vacancy-list|vacancy-create|vacancy-edit|vacancy-delete', ['only' => ['index', 'show']]); $this->middleware('permission:vacancy-create', ['only' => ['create', 'store']]); $this->middleware('permission:vacancy-edit', ['only' => ['edit', 'update']]); $this->middleware('permission:vacancy-delete', ['only' => ['destroy']]); }
That is also a valid way, but I think it's more readable to have permissions set at every method, then you don't need to scroll to the constructor to find out who has access to this method.
Is it possible to manage user,admin, roles , permissions from back end using single user table...Without creating any guard...And of course differentiate using prefix admin
@LaravelDaily Thanks for all those great Videos. I've got a question regarding this topic thinking a bit over the top about separating Frontend and Admin/Backend. How would you do Kernel.php separation if one wants to separate these bootstraps f.e. using different components and so on? So likely I don't even want the frontend Kernel.php to include stuff that I really only want to have in Admin/Backend part? Pre-Spoiler... I already had some success on that delegating from the generic Kernel.php to an extended Backend/Kernel and Frontend/Kernel by using Route-Group as separator ("/" and "/admin"). But there's still one caveat when trying f.e. to enable the debug-toolbar which somehow doesn't inject anymore as it looks like somehow it's trying to do that on level of the original Kernel and not the final Kernel processing the bootstrap afterwards. I'm curious about your feedback and/or a video about that or which else way you would suppose to do this in a clean way?!
I have this video about their package: th-cam.com/video/NgToi0uiMNQ/w-d-xo.html It's a personal preference what you're more comfortable with. I would choose our own QuickAdminPanel.com system because I have a lot of practice with it.
Let's suppose we have scenario We have multiple admins and users. User can be assigned to only one admin. According to this code admin can change record of user which is not assigned to him. How to deal with that
You mention it at 5:50 + but what if you want the `task` to be for user and admin BUT also for staff, editor etc.. What if you have a say application where you have admin, staff, editors, users, subscribers And everyone is a user, meaning they have a user profile. But some users might also be staff or editors, so they have user profile like every user, but additionally they have X powers, like edit other posts, and staff can ban people, but they are also active in the community, normal users. Would that then be 'extended' functionality, instead of one being either an admin or not, a staff member or not, a user or not, a guest or not... or?
@13:31 You can also have a 'role' column in your 'users' table, that will contain names of the roles 'admin', 'manager', 'user', etc. And check for them - clean and clear. And if you worried about consistency of those role names in the forms, you can put them in User model as constants. Pros: clear role names in the code, no additional table and queries required. Cons: to add additional roles you will need to add them in the User model class. Or just be mindful what you assign as a role. If there any other Pros and Cons - please list them here.
Hey, the biggest con of your approach is the limitation on how many roles you can assign to the person at that point. For example, with the package, you can easily add multiple roles to the person (which sometimes is necessary), and when using a single column - you are stuck with one :)
@@modestasmv In case when user should have many roles - yea, agree - pivot table and roles table will be the way to go. But, is there any cons if there is no need for multiple roles per user?
@@VadimBesedin In my experience - there's quite a good chance that your application will need some sort of multi role or permissions eventually. Of course that might not be the case but having an additional query to actually get the role - isn't that impactful and you can actually employ caching for this :)
@@modestasmv I see your opinion. But you've missed the question regarding any other cons, except the one you've already mentioned. So, looks like there is no cons if multi-role is not required.
Good but, I don't know 🤷♀️, what is the idea to Gate::define because when I call $this->authorize('post edit'); always call database to see permissions, if I didn't define always call database to see it, because I need to define all permissions just one time in GATES, please help me 😢 and then make more requests by ajax but I don't need to ask the permissions to database 😢
Can we use Model Policy to authorize if a certain Post can be edited according It's Post state. For example If Post is published and we don't want published post to be edited, can we use policies for that? Should we always use Policy methods to authorize if User can or cannot. What do you think? Is it a good practise?
Hi. Can I ask you to do a video turorial on how to use bouncer. If you can demo it using the crud and admin / user viewing and not viewing buttons that will be great.
Thank you so much for this video. Please make a video about how to integrate firebase (with firebase SDK) with Laravel 8 and how to save user data into the local database after user account verification using firebase.
hello why is my laravel cant pass the data from controller to the blade view? pls help when im not using spatie it works perfectly fine but when i use it it wont work
09:46 can policy apply to multiple model? Let's said a controller need manipulate multiple not relation models. And can this concept apply to web API? I saw most guide related to blade but not API
When would you recomend the use of a package like Bouncer or Spatie Laravel-permission over a simple implementation like you showed in this video ? I tried all of them and I can say that Bouncer feels the best. Spatie has that problems with multiple guards and in most web apps there are at least 2 guards: web and api, so it requires a duplicate of everything. Also for me the "native roles and permisions" seems ok for small apps that don't have many roles and permisions. Something more, what about using those roles and permisions in a SPA based on VUE, React, Angular, etc that has Laravel as backend API ? What data should be sent to the SPA in order to handle some "guards"(routes guards, only show what a user is allowed too see, etc) ? Sure, the backend protections must be implemented but they are similar an web app. As of now I am implementing Bouncer and I plan to send the user role name and his abilities list. Then I'll check to see if his abilities list contains the ability that is needed to access an area or do do an action. How it sounds ? (My app has 7 roles and over 20 abilities in total). Thanks!
Personally, I don't use guards for web and api, I use the same users table with roles/permissions and with Sanctum for API. So I've never encountered that problem. For authorization of SPA with Vue, see our take in this video: th-cam.com/video/JatpAUl6_5E/w-d-xo.html
@@LaravelDaily It seems I missed that video. Thanks for it. It is really graet. Now I have to redisign 2 SPAs or even 3 :)) About guards, well, I have a project where the dashboard is an SPA that is authentificated via Sanctum and a client area(a store) that will be a "clasic" web app with Blade fiels and jQuery. That is where the problem with 2 guards comes from. @casl/vue can be used with Bouncer and a "hybird" site(SPA + Blade), right ? I think for this project I will kepp simple roles for now, the deadline is close and I am already a behind the plan.
![ละลาย (LALALYE) - DAOU PITTAYA ต้าห์อู๋ พิทยา [OFFICIAL MV]](http://i.ytimg.com/vi/wo6r9TgausI/mqdefault.jpg)
Videos like these give me hope. Reading through the docs is one thing but seeing a practical way of using it is another. You and Code with Dary are the best channels to learn laravel
0:50 - 1st Example: Separate views
5:20 - 2nd Example: Gates with static roles and permissions
8:25 - 3rd Example: Policies
Don't mind me, I find myself on this video often.
thanks
third time I'm rewatching this also
Thank man! I wish you in some parallel Universe Miss Brazil to be your girlfriend! 👍
This is definitely most asked question on Laravel community. Thank You :)
This was really helpful. I just wanted to mention that Laravel Policies would work only on an authenticated route.
Good catch, only a few days ago I scratched my head wondering why Gate::check always returned false, when the logic inside the gate was definitely permissive. I figured out that you had to be authenticated in order to even reach that logic.
No, this is false. You have to typehint the first argument as a nullable user if you want unauthenticated routes to also make use of it.
Why'd someone even want to use policies with unauthenticated users? 😐 There are middlewares for that
I have learned lots of advanced Laravel topics from your tutorials. I almost watched all of your videos. thanks
Not often you find videos regarding concepts without implementations, very cool. I didn't want to follow a tutorial about integrating any of this systems without knowing what each can do so thanks for sharing this type of videos.
Excellent overview, perfect tempo, great (pedagogic) approach. Thanks again for your continued efforts!
Thank You soo much sir.., Now i can easily crack my interview without any hurdles. I will continue watching your daily videos to master laravel 👍
Every now and again I view your videos to check my knowledge in Laravel or to better understand some concepts and you always are a guarantee! Through the years I became a better Laravel developer thanks to your videos. You're a great teacher and developer. Cheers from Italy ❤
I can't thank you enough. I'm a beginner , Your suggestions,tips helped me grow so fast. My codes are better than before , my understanding has increased. You have boosted and cleared my confusions like so easy with every practical examples. I have completed Advance Beginner path within 4 months from since I installed Laravel on my pc, done some small solo projects for practice. I'm about to join as a Jr. Software Engineer. Soon gonna join your paid courses. Thank You so much . and also I hate X-slot in breeze :) but you made my day with that explanation video how you reverse engineered it , i tried it myself but I couldn't finish it because of some terms that i was unclear.
One of best explanation from your arsenal. Also liked slow pace while explaining every minute details.
Great 🔥🔥
Yesterday, i just searching bout this topic on your channel sir.. 😅
And now i have a notice to watch this video.. 👍👍👍
Got stuck at authorization part of the documentation. this video really helped me out!
Hello, such a nice explanation, just one thing I know and I'm sure many Laravel programmers wonder, is when to use authorization in gates/policies and when to use middlewares, like if we have a middleware, why call $this->authorize in the controller? actually why are there 2 methods in the first place, when to use what? please make a short video about this because I'm telling you, many Laravel users fall into this question, I know yes in small projects this detail may not be important, but the bigger the project I think these details can have a significant impact on best practices that allow scalability. Thanks
You are single handedly responsible for saving PHP from dying.
Loving the videos, they've been a huge help to me and you've got a no nonsense approach to teaching that's appreciated for sure 👍🏻
Superb video! I watched 5 mint duration and continue watching. Separate controller for User and Admin, Middleware and route structure all concept is informative. I am working on a project based on Online Exhibitions where we have Admin, User, Organizer, Exhibitor, Speaker, and visitor roles while watching this video I'm summarizing the future plan about project structure. Thank you Povilas Sir.
thank you i finished first level and now i am on the second level on the path learning on your website
Each of your video means a piece of diamond to me 😊
Take love from Bangladesh ❤❤❤
last one about laravel policy is so cool, I really like that, thanks for the video
Perfect timing, this is a brilliant simple walkthrough/example use case
Perfect explanation about authorization in laravel. Thank you.
You don't get enough credit for your wonderful videos. thanks
One of the simplest way to explain this topic ❤️
WTF! You explained very well compare with any video that I saw, probably I'll take a few curses from your site.
Cheers from Mexico
Couldn't be explained better than this! Thank you so much
This is the best best best explanation I found.
Very very thanks
All I want to say is thank you so much! Finally! Very helpful.
Your explanations are really comprehensive, I'm really glad that I watched this, thanks!
You are amazing!! God bless u sir for helping and explaining these amazing features.
after 2 years still useful ❤
You saved me with this policies approach. I can't get the AuthServiceProvider working and didn't know that I had to use $this->authorize. Thanks a lot
You can also use Gates in 'can' middleware:
Route::get('/admin', function () {
// Code to be executed if the user has the 'create-tasks' permission
})->middleware('can:create-tasks');
Great video..need to watch couple of times to understand fully. Thanks a lot
Policies are one of my favorite features of Laravel. I was never sure if I should use gates instead, but I do like the grouping, so yeah I'll continue to use policies.
Also, you shouldn't use auth() in the policy because you already have $user
Yes, good point about auth()
Also, if you are using auth middleware to protect the routes, it is guaranteed that the user is logged in
@@reikosama1 Yeah but that would only mean you don't have to check the $user being null. You'd still want to check against IDs if appropriate (e.g. Editing records owned by someone)
Your channel is making me wants to switch to Laravel :)
Thanks a lot for your great examples, I've struggled a lot with these concepts, but now, it is very clear to me.
Good info. In addition, one can also use request rules in the controller.
S - single responsibility. Request rules are responsible for just validating parameters, and they should not resolve roles, permissions etc.
Congratz on the channel, it is one of the best I found about Laravel. I thought about asking how you deal with business related validation rules. In one of my projects, I develop a platform where you can advertise your real estate properties. Basically, you choose a plan that has a membership fee and a monthly fee. Apart from that, you optionally buy other services together with the plan . For now, you can only hire one plan per order. So, the order model is basically {id, plan_id, property_id, ...} and then there is a pivot table to link service items. Thing is, there is a requirement to allow the user to delete an order only if the order is either just created and not yet paid or the payment has failed, and similarly to only delete a property if it has no open orders.
Where would you put this validation?
There are other examples, like you can only schedule a visit to the property for at least X hours from now.
Your videos are really a great help - thank you so much 👍🏻
Very clear explanation. You are a great mentor! Keep up your great work !
It was exactly what I was looking for, your videos are so cool and helped me alot, best regards.
wow... i was looking for this kind of tutorials.. great explanation and very helpful... Thank you sir.
Very well explained. Exactly what I was looking for
Thank you sir. Very clear explaination on everything related.
Another great video! I have not been watching Policy course yet, but I think here (in tube), I can suggest something to part 2 (Gates):
In my projects, I group gates by roles and actions - i.e. gate for admin, gate for manager (and admin), gate for author (admin and author) and just using separte route files. In every one route file - group routes by middleware. I.e. for admin gate (Gate::define('admin' ..)) - route file will be web-admin.php and in the file - Route::group(['middleware' => ['can:admin']], fn...).
In this way is not necessary to add authorize line in each method. I don't know - is this right or not, but think is more visible and escaped the point if we forget about authorize line.
Thank You for all of Your videos! Thank You and for your courses! They are so usefull even for advanced laravel developer!
Yes, structuring routes by separate files and separate gates is another good way to structure it, thanks for valuable comment.
Very helpful, the best I've seen so far.
we can use polymorph on users table with the different user's types and create a table on every user type to associate that with the 'useable' morph field
Hi. Really love this video. Very helpful. Thank you.
Amazing as always! Very helpful. Thank you so much! Keep up the good work.
Thank you very much. I never use policy before but now I can.
LOVE the video! thanks for doing all this work really appreciate everything you do.
Very Helpful, thanks, brother.
Thanks a lot for helpful videos. I have a question. We have implemented LDAP record package, and our company employees can log in into system using their domain credentials without registration. How I can add Spatie roles and permissions for those users with keeping LDAP login mechanism? Is it possible?
Hi,
What is the best solution for multiple authentication in laravel ?
Using multiple table with guard eg default users table for frontend users and admins table for backend users (Note: in backend there is users with role.)
Adding is_admin field in default users table. And add the middleware for admin or user.
Please suggest.
Thank you very much, my controller was a mess validating all this stuff without any technique!
What you think about creating a RoleEnum instead of consts inside the model?
you are the best looks simple and practic i love your vids
I've used Laravel spatie role permission package to handle role based authentication and authorisation in my laravel map
Good, i will use it. But in role model, some kind of bad naming maybe in constants, when you use IS_ it says that is boolean. Maybe Role::Admin more better
Good catch, probably you're right.
This is exactly what I was looking for. Thanks.
Amazing concept Povilas. Laravel guard would also best for future videos.
I haven't really used guards in last couple of years, I always use roles/permissions instead.
This is incredibly helpful. Thank you.
Love his explanations. I was looking for permissions in laravel & just found this amazing video.
use the spatie role permission package available in laravel
Good tutorial! thanks from Brazil!
Thank you Mr. Povilas,
Exactly for what I was going to email you 😍.
Take love for this amazing job. ❤️
Very interesting video, I sometimes wonder why not Taylor make a little modification to default users table and add 'is_admin' field by default, because now this has become a very popular question and a request.
Can you make a details videos on how to use 'Gates & Policy'. 🔥🔥
Thank you very much for all the free videos.
Not sure what else can I add about gates and policy :)
@@LaravelDaily what I means was to create a detailed video instead showing a short instruction on a code that you already have written.
I don't think that repeating the same information in a slower and longer way would be very useful, to be honest.
it's amazing and perfect but how we can manage for dynamic roles according to menus. To store roles and permissions in database.
At 10:00, in TaskController at the public function store, is it mandatory to have the part of Task::create($request ...) or can we have a $this->validate function?
Nice video, Quick question...Is it possible to assign abilities dynamically from Database records using Gates, assigned to the Auth::id();?
Thank you Mr. Povilas,
Interesting way of checking the permissions. I check my premissions inside the construct and use the default permissions middleware:
function __construct()
{
$this->middleware('permission:vacancy-list|vacancy-create|vacancy-edit|vacancy-delete', ['only' => ['index', 'show']]);
$this->middleware('permission:vacancy-create', ['only' => ['create', 'store']]);
$this->middleware('permission:vacancy-edit', ['only' => ['edit', 'update']]);
$this->middleware('permission:vacancy-delete', ['only' => ['destroy']]);
}
That is also a valid way, but I think it's more readable to have permissions set at every method, then you don't need to scroll to the constructor to find out who has access to this method.
@@LaravelDaily fair point!
I like how explain it and really clean, can you do this in database driven permissions and roles?
really good explanations, thank you so much
Is it possible to manage user,admin, roles , permissions from back end using single user table...Without creating any guard...And of course differentiate using prefix admin
how to use gates for multiple guards. Is it okay to use duplicate Gate names for separate guard roles?
Hi,
Does the course including the middle-where ? Ex: linking the the user with one/ or more than one location ( asset ).
Thanks
@LaravelDaily
Thanks for all those great Videos. I've got a question regarding this topic thinking a bit over the top about separating Frontend and Admin/Backend.
How would you do Kernel.php separation if one wants to separate these bootstraps f.e. using different components and so on? So likely I don't even want the frontend Kernel.php to include stuff that I really only want to have in Admin/Backend part?
Pre-Spoiler... I already had some success on that delegating from the generic Kernel.php to an extended Backend/Kernel and Frontend/Kernel by using Route-Group as separator ("/" and "/admin"). But there's still one caveat when trying f.e. to enable the debug-toolbar which somehow doesn't inject anymore as it looks like somehow it's trying to do that on level of the original Kernel and not the final Kernel processing the bootstrap afterwards.
I'm curious about your feedback and/or a video about that or which else way you would suppose to do this in a clean way?!
This video is really good!
Thanks for this good overview
Beautiful explanation
what do you think about Spatie ?
And..
If you have to choose between Spatie or [Middelware, Gate, Policy]'s Laravel natvie, what do you choose?
I have this video about their package: th-cam.com/video/NgToi0uiMNQ/w-d-xo.html
It's a personal preference what you're more comfortable with. I would choose our own QuickAdminPanel.com system because I have a lot of practice with it.
Let's suppose we have scenario
We have multiple admins and users.
User can be assigned to only one admin.
According to this code admin can change record of user which is not assigned to him.
How to deal with that
You mention it at 5:50 + but what if you want the `task` to be for user and admin BUT also for staff, editor etc..
What if you have a say application where you have admin, staff, editors, users, subscribers
And everyone is a user, meaning they have a user profile.
But some users might also be staff or editors, so they have user profile like every user, but additionally they have X powers, like edit other posts, and staff can ban people, but they are also active in the community, normal users.
Would that then be 'extended' functionality, instead of one being either an admin or not, a staff member or not, a user or not, a guest or not... or?
Thank you for a clear explanation
@13:31 You can also have a 'role' column in your 'users' table, that will contain names of the roles 'admin', 'manager', 'user', etc. And check for them - clean and clear. And if you worried about consistency of those role names in the forms, you can put them in User model as constants. Pros: clear role names in the code, no additional table and queries required. Cons: to add additional roles you will need to add them in the User model class. Or just be mindful what you assign as a role.
If there any other Pros and Cons - please list them here.
Hey, the biggest con of your approach is the limitation on how many roles you can assign to the person at that point. For example, with the package, you can easily add multiple roles to the person (which sometimes is necessary), and when using a single column - you are stuck with one :)
@@modestasmv In case when user should have many roles - yea, agree - pivot table and roles table will be the way to go. But, is there any cons if there is no need for multiple roles per user?
@@VadimBesedin In my experience - there's quite a good chance that your application will need some sort of multi role or permissions eventually. Of course that might not be the case but having an additional query to actually get the role - isn't that impactful and you can actually employ caching for this :)
@@modestasmv I see your opinion. But you've missed the question regarding any other cons, except the one you've already mentioned. So, looks like there is no cons if multi-role is not required.
Good but, I don't know 🤷♀️, what is the idea to Gate::define because when I call $this->authorize('post edit'); always call database to see permissions, if I didn't define always call database to see it, because I need to define all permissions just one time in GATES, please help me 😢 and then make more requests by ajax but I don't need to ask the permissions to database 😢
Hi, what about API token permissions with sanctum, I can use the same policies names and it works out of the box?
Can we use Model Policy to authorize if a certain Post can be edited according It's Post state. For example If Post is published and we don't want published post to be edited, can we use policies for that? Should we always use Policy methods to authorize if User can or cannot. What do you think? Is it a good practise?
Yes it's a pretty normal practice
@@LaravelDaily Thank you
If i could suscribe a thousand times i would do it for sure... Thank you very much
Hi. Can I ask you to do a video turorial on how to use bouncer. If you can demo it using the crud and admin / user viewing and not viewing buttons that will be great.
How would you implement multiple roles / actions per user, would you just create a roles table with user_roles table 1 to many relationship?
role_user pivot table with manytomany relationship
Thank you so much for this video. Please make a video about how to integrate firebase (with firebase SDK) with Laravel 8 and how to save user data into the local database after user account verification using firebase.
Haven't worked with firebase recently so can't make a video about it
@@LaravelDaily No worries sir. Thank you so much for reply.
hello why is my laravel cant pass the data from controller to the blade view?
pls help when im not using spatie it works perfectly fine but when i use it it wont work
09:46 can policy apply to multiple model? Let's said a controller need manipulate multiple not relation models.
And can this concept apply to web API? I saw most guide related to blade but not API
Very useful ... i appreciate it .. thank you Sir!
When would you recomend the use of a package like Bouncer or Spatie Laravel-permission over a simple implementation like you showed in this video ?
I tried all of them and I can say that Bouncer feels the best. Spatie has that problems with multiple guards and in most web apps there are at least 2 guards: web and api, so it requires a duplicate of everything. Also for me the "native roles and permisions" seems ok for small apps that don't have many roles and permisions.
Something more, what about using those roles and permisions in a SPA based on VUE, React, Angular, etc that has Laravel as backend API ? What data should be sent to the SPA in order to handle some "guards"(routes guards, only show what a user is allowed too see, etc) ? Sure, the backend protections must be implemented but they are similar an web app.
As of now I am implementing Bouncer and I plan to send the user role name and his abilities list. Then I'll check to see if his abilities list contains the ability that is needed to access an area or do do an action. How it sounds ? (My app has 7 roles and over 20 abilities in total).
Thanks!
Personally, I don't use guards for web and api, I use the same users table with roles/permissions and with Sanctum for API. So I've never encountered that problem.
For authorization of SPA with Vue, see our take in this video: th-cam.com/video/JatpAUl6_5E/w-d-xo.html
@@LaravelDaily It seems I missed that video. Thanks for it. It is really graet. Now I have to redisign 2 SPAs or even 3 :))
About guards, well, I have a project where the dashboard is an SPA that is authentificated via Sanctum and a client area(a store) that will be a "clasic" web app with Blade fiels and jQuery. That is where the problem with 2 guards comes from.
@casl/vue can be used with Bouncer and a "hybird" site(SPA + Blade), right ?
I think for this project I will kepp simple roles for now, the deadline is close and I am already a behind the plan.
10:42 why do you check with auth()->user() ? Isn’t the $user being passed as an argument the auth user already or am I missing something ?
Thanks for the video! great help!
Can we do as much as spatie/laravel-permission does with just laravel core policies? Can you pls make more videos for it
Yes we can, I think it's pretty clear from this video. Which part is exactly unclear? You sh just try, I guess
You already have auth user in policy method, no need for auth()->user(), I think.
Yes. User $user in policy method, already retrieves currently authenticated user if i remember correctly.