Love the idea of this library.. and I am new to ACL, but I'm having issues using this library for restricting users by permissions via role.
Firstly, I think when you check for permissions of a user model, it should never matter whether that permission is directly attached to the model or via a role.
This seperation seems to cause an issue when trying to restrict routes.
The permission middleware using the function hasAnyPermission internally.. But this fails when the user has this permissions through a role, as it dimply doesn't recognise these.
Wondering if this is by design, or an oversight? Personally I want to assign permissions to roles, assign roles to users and lock down the routes using middleware.. Then when new sections are devloped, new permissions can simply be added to a role.. and all users with that role will inherit it.
Love the idea of this library.. and I am new to ACL, but I'm having issues using this library for restricting users by permissions via role.
Firstly, I think when you check for permissions of a user model, it should never matter whether that permission is directly attached to the model or via a role.
This seperation seems to cause an issue when trying to restrict routes.
The
permissionmiddleware using the functionhasAnyPermissioninternally.. But this fails when the user has this permissions through a role, as it dimply doesn't recognise these.Wondering if this is by design, or an oversight? Personally I want to assign permissions to roles, assign roles to users and lock down the routes using middleware.. Then when new sections are devloped, new permissions can simply be added to a role.. and all users with that role will inherit it.