I have 4 types of users using my system: 1.Super Administrator 2.Super Administrator Team, 3.Administrator and 4. Management Team Members,
Because I use spatie to handle roles and permissions, I have a set of modules (permissions) that are common to all types of users, and another set of modules (permissions) that are only for super admins, like payment methods, etc. .
Now, once my database is seeded for permission, do I have to seed it all at once? ['contacts','email','bids']
comes with network shields (but I'm a bit confused about the exact usage of shields and how they work), so admins can only access from these allowed permissions Assign permissions to his team However, for SuperAdmin, should I create other permission sets using SuperAdminGuard? I want to know what is the best practice.
Use case: Super Administrator First log in to the system and then decide from the list which permissions should be granted to the administrator.
2. The administrator logs into the system and assigns which set of permissions will be granted to his team, but the administrator will not be able to view the list of permissions that the super administrator has.
I hope I have made my point clear, please let me know the appropriate way to implement it.
I guess you are using a model which is users and assigning permissions directly to users. Here is my approach So, what you can do is, you can first create a role and grant the appropriate permissions to the role and then assign the role to the user.
First, assign permissions to the role
Now, synchronize roles with users
These are built-in spatie middlewares that you can write in app/Http/Kernel.php
Now you can use "role" middleware in routing to protect,
So, now you need to get permissions for a specific role i.e. Super Admin or Administrator. Here's what you can do,
In addition, you can also get the user role this way
One more thing, for super administrator, you don't need to get permissions from role, you can get all permissions directly. And since the super administrator has access to the entire system, you can bypass the super administrator's permission check by doing this,
Hope it helps you:)