darryldecode / laravel-starter-kit

Laravel 7.0~ Starter Kit Powered by VueJS + Material Design(Vuetify)
https://laravel-starter-kit.darrylfernandez.com/

Suggestion on where to check for permissions #16

Closed msurguy closed 5 years ago

msurguy commented 5 years ago

Hi!

Thank you so much for this repository, it is a great starter kit for Vuetify + Laravel projects and I enjoy using it.

I was wondering what are your recommendations on where to check for user permissions and access levels. For example, if I wanted to limit file uploading to some users and not the others, how should I restrict access?

Thanks!

msurguy commented 5 years ago

@darryldecode also, I think I found a problem with how the permissions get saved in the DB. For example, if you create a permission, assign it to a user, then rename the permission from the admin UI, the permission would not be updated in the DB for all users that had this permission... Don't know if that's intended or not.

darryldecode commented 5 years ago

Hi @msurguy, currently there are two levels of permissions: the permissions inherited from the group and the special permissions exclusively assigned to a user. The special permission has more priority than inherited permissions.

During a permission check like `$user->hasPermission()`, this will check all levels, meaning inherited permissions and special permissions assigned specifically to a user. For example, if we have GROUP A that has permission to "post", and we assign USER 1 & USER 2 to GROUP A, then these users will have permission to "post". In case you don't want USER 2 to have the "post" permission but still belong to that GROUP, you will assign USER 2 a special permission to deny him the "post" permission, since user special permissions are superior to inherited permissions.

In other words, even if a user belongs to a group that has a permission Y, if he has a special permission to deny permission Y then he will not have permission Y.

On your 2nd concern, that is correct, the user permission keys will not be updated. In this case, I think we should not allow modifying a permission "key", only the title & description of the permission. Happy coding!
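The resolution order described in the comment above (a user's special permission overrides what the groups grant) and the stale-key effect of renaming, as an added PHP example that is not part of the thread or the starter kit's code. The function name mirrors `hasPermission()`, but its signature, the `ALLOW`/`DENY` constants and the array layout are assumptions.

```php
<?php
// Added illustration, not the starter kit's code. The ALLOW/DENY constants,
// the array layout and this function's signature are assumptions.
const ALLOW = 1;
const DENY = -1;

/**
 * @param string $key     permission key being checked, e.g. "post"
 * @param array  $special key => ALLOW|DENY assigned directly to the user
 * @param array  $groups  one key => ALLOW|DENY map per group the user is in
 */
function hasPermission(string $key, array $special, array $groups): bool
{
    // A special permission on the user wins over anything inherited.
    if (array_key_exists($key, $special)) {
        return $special[$key] === ALLOW;
    }
    // Otherwise the user inherits from groups; no grant means no access.
    foreach ($groups as $groupPermissions) {
        if (($groupPermissions[$key] ?? null) === ALLOW) {
            return true;
        }
    }
    return false;
}

// Constructed data for the GROUP A / USER 1 / USER 2 case from the thread.
$groupA = ['post' => ALLOW];
$user1Special = [];
$user2Special = ['post' => DENY];

foreach (['USER 1' => $user1Special, 'USER 2' => $user2Special] as $name => $special) {
    printf("%s post: %s\n", $name, hasPermission('post', $special, [$groupA]) ? 'allowed' : 'denied');
}

// Rename case. Assumption: the key becomes "publish" on the group, while
// USER 2's stored special permission keeps the old key "post".
$renamedGroupA = ['publish' => ALLOW];
$stale = !array_key_exists('publish', $user2Special);
printf(
    "USER 2 publish: %s (special deny still stored under old key: %s)\n",
    hasPermission('publish', $user2Special, [$renamedGroupA]) ? 'allowed' : 'denied',
    $stale ? 'yes' : 'no'
);
```

Under the stated assumption the deny stored under the old key no longer matches the lookup, so the group grant applies to USER 2 again; treating the permission key as immutable avoids that mismatch.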

patidardhaval commented 5 years ago

Waiting for history mode route in vue js

darryldecode commented 5 years ago

Hello @patidardhaval, I have no plans to make the starter kit with history mode ON by default, because you can easily activate it yourself if you require it on your project. I actually have some projects with history mode activated so hashtags are removed. Here are a few tips to make it work:

- Add base tag w/ href on master layout
- Activate history mode on vue router

and you are basically done :)

msurguy commented 5 years ago

Thanks for your response, @darryldecode !