LARAVEL

How to Protect Route

from unauthorized
users?

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Spatie Permissions

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Install package
WHY LARAVEL?
composer require spatie/laravel-permission

sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

In config/app.php, add
WHY
the LARAVEL?
ServiceProvider
'providers' => [
Spatie\Permission\PermissionServiceProvider::class,
];
sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Publish the config

WHY LARAVEL?
php artisan vendor:publish --
provider="Spatie\Permission\PermissionServiceP
rovider"

sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Run the Migrations

WHY LARAVEL?
php artisan migrate

sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Add the necessary trait to

WHY LARAVEL?
your User model

use Spatie\Permission\Traits\HasRoles;

sharjeelwakeel837@gmail.com
use HasRoles;

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Create Permissions
use Spatie\Permission\Models\Role;
WHY LARAVEL?
use Spatie\Permission\Models\Permission;

$role = Role::create(['name' => 'writer']);

$permission =sharjeelwakeel837@gmail.com
Permission::create(['name' => 'edit
articles']);

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Assign A Permission To A
Role
WHY LARAVEL?

$role->givePermissionTo($permission);

$permission->assignRole($role);
sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Sync Permissions To A Role

WHY LARAVEL?

$role->syncPermissions($permissions);

$permission->syncRoles($roles);
sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Remove Permission From A

Role
WHY LARAVEL?

$role->revokePermissionTo($permission);

$permission->removeRole($role);
sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Get Permissions For A

User

permissions
// get a list of all directly assigned
$permissionNames = $user->getPermissionNames()

WHY LARAVEL?
$permissions = $user->permissions;

// get all permissions for the user, either directly, or

from roles, or from both
$permissions = $user->getDirectPermissions();
;$permissions = $user->getPermissionsViaRoles();
$permissions =sharjeelwakeel837@gmail.com
$user->getAllPermissions();// get
the names of the user's roles
$roles = $user->getRoleNames(); // Returns a
collection
https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Middlewares
WHY LARAVEL?

sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

For checking against a

single permission
WHY LARAVEL?
Route::group(['middleware' => ['can:publish
articles']], function () {

sharjeelwakeel837@gmail.com
//});

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

package comes with

RoleMiddleware,
PermissionMiddleware
WHY LARAVEL? and
RoleOrPermissionMiddlew-
are middleware.
You can add them inside
sharjeelwakeel837@gmail.com

your app/Http/Kernel.php
file
https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

LARAVEL 9 (AND OLDER)

protected $routeMiddleware =
[
'role' =>
WHY LARAVEL?
\Spatie\Permission\Middlewares\RoleMiddleware:
:class,
'permission' =>
\Spatie\Permission\Middlewares\PermissionMiddl
eware::class,
'role_or_permission' =>
sharjeelwakeel837@gmail.com
\Spatie\Permission\Middlewares\RoleOrPermissio
nMiddleware::class,
];

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

LARAVEL 10
protected $middlewareAliases =
[
'role' =>
WHY LARAVEL?
\Spatie\Permission\Middlewares\RoleMiddleware:
:class,
'permission' =>
\Spatie\Permission\Middlewares\PermissionMiddl
eware::class,
'role_or_permission' =>
sharjeelwakeel837@gmail.com
\Spatie\Permission\Middlewares\RoleOrPermissio
nMiddleware::class
,];

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

you can protect your routes

using middleware rules:
WHY LARAVEL?
Route::group(['middleware' => ['role:super-
admin']], function () {
//})
;Route::group(['middleware' =>
['permission:publish articles']], function
sharjeelwakeel837@gmail.com () {
//});

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Middleware with Controllers

WHY LARAVEL?
public function __construct(){
$this->middleware(['role:super-
admin','permission:publish articles|edit articles']);}
sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

WHYBlade
LARAVEL?

sharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/
 LARAVEL

Permissions
@can('edit articles') //@endcan

Roles
WHY LARAVEL?
@role('writer')
I am a writer
!@else
I am not a writer...
@endrolesharjeelwakeel837@gmail.com

https://www.linkedin.com/in/sharjeel-wakeel/