You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tortue Torche edited this page Mar 17, 2015
·
4 revisions
When you define a user's authority rules for a given model, you are not restricted to the 7 RESTful actions (create, update, destroy, etc.), you can create your own.
For example, in Role Based Authorization I showed you how to define separate roles for a given user. However, you don't want all users to be able to assign roles, only admins. How do you set these fine-grained controls? Well you need to come up with a new action name. Let's call it assignRoles.
// in config/authority-controller.php # For Laravel 5.0// in app/config/packages/efficiently/authority-controller/config.php # For Laravel 4.*if ($user->hasRole('admin')) {
$this->allow('assignRoles', 'User');
}
We can then check if the user has permission to assign roles when displaying the role checkboxes and assigning them.
{{-- users/edit.blade.php --}}
@if (Authority::can('assignRoles', $user))
{{-- role checkboxes go here --}}
@endif