For consistency, we should aim to make all code that decides whether a user can or cannot do something use the Laravel Authorization tools (Gates, policies), along with the roles + permissions that we have from the Spatie plugin.
Specifically:
To decide if a user can access a panel, we should check if a user can access that panel. (e.g. $user->can('access admin panel'), or if($user->cannot('access program panel') { abort(403, ...) ). That way, it works with other Laravel code like the Super-Admin override we have set in the App Service Provider, and gives us flexibility because we can assign those permissions to any role(s) or users as we see fit without needing to change the code.
For consistency, we should aim to make all code that decides whether a user can or cannot do something use the Laravel Authorization tools (Gates, policies), along with the roles + permissions that we have from the Spatie plugin.
Specifically:
$user->can('access admin panel')
, orif($user->cannot('access program panel') { abort(403, ...)
). That way, it works with other Laravel code like the Super-Admin override we have set in the App Service Provider, and gives us flexibility because we can assign those permissions to any role(s) or users as we see fit without needing to change the code.