Super admin and another admins

[neoacevedo]

I have defined a super admin role and I have another roles. All them lands on /dashboard route.

According with https://spatie.be/docs/laravel-permission/v5/basic-usage/super-admin, I have to setup the gate into the AuthServiceProvider boot method for super admin. It's ok, but, other roles will run in a forbidden status when they land in dashboard.

How can I to allow the dashboard for all roles?

I forgot: in the __construct method for AdminController, where I have defined the dashboard route, I have setup the middleware but it seems not work.

[erikn69]

Y la regla donde dice que no se puede preguntar en español, dónde está?

Entonces porque preguntas en ingles? 😄

[neoacevedo]

Acto reflejo.

[erikn69]

How can I to allow the dashboard for all roles?

It looks easy to me, only use request

Gate::before(function ($user, $ability) {
    return (request()->is('dashboard') && $user->roles->count()) || $user->hasRole('Super Admin') ? true : null;
});

[neoacevedo]

I will check it.

[neoacevedo]

Within the method getAbility, if I change to:

        $routeName = explode('/', request()->route()->uri);
        $allowed = auth()->user()->can($method);
        return $allowed? $routeName[0] . "/" . $method : null;

It will allow the action, even if $allowed is false, but if I let the method as is, it works. Do you have any explanation about it?

[erikn69]

Do you have any explanation about it?

I have basic knowledge, no idea 😄
It's not my code, and i'm not an collaborator of the package, i'm only trying to help

[neoacevedo]

jaja Ok don't worry. Thank you anyway. I will try to solve by myself now.

[erikn69]

Here are the docs of that code: easy-roles-and-permissions

[neoacevedo]

Good, works for dashboard.

Now, I see not works for the other routes I need. I think it is related with the permissions themselves.

I get, for another routes, the same behavior as described in #1027

I will try to be as clearest as I can. I have some roles: super admin, admin, accountant.

I don't want to set the permissions on each view, I think it breaks the MVC pattron, and I don't want at the moment to setup the permissions in each method, and setting the permissions in the routes file isn't a good idea because there is a lot of routes, then, I use the controller constructor method for setup the middleware:

$this->middleware([
            'auth:admin',
            'permission:admins',
            'permission:audit',
            "permission:log",
            'permission:roles',
            'permission:permissions',
            'permission:payment',
            "permission:all"
        ]);

The super admin can do everything (all). The admin rol doesn't have some permissions, for instance, this rol have log, roles and permissions as asigned permissions but it has the admins, audit and payment permissions; the accountant only has the payment permission.

My problem rises when, the user with admin role tries to access to any allowed route (according with the permissions) in the controller:

array:4 [▼
  "ability" => "admins"
  "result" => true
  "admin" => 16
  "arguments" => "[]"
]

success

array:4 [▼
  "ability" => "audit"
  "result" => true
  "admin" => 16
  "arguments" => "[]"
]

success

array:4 [▼
  "ability" => "log"
  "result" => true
  "admin" => 16
  "arguments" => "[]"
]

error

array:4 [▼
  "ability" => "all"
  "result" => null
  "admin" => 16
  "arguments" => "[]"
]

The middleware checks this role and it sees the "all" permissions is not asigned and raises the error 403.

I'd like to know for suggestions to achieve what I need.

Thank you.