Users
Your Eloquent User model should make use of the HasRoles trait. It enables assigning and un-assigning of roles. (See setup).
Assign Roles
Use the assignRoles() method to assign one or more roles to a user. The method behaves similarly as the grantPermissions() method, in that it too accepts a variety of argument types:
- slugs
- ids
Rolemodel instanceCollectionof role model instances- array of slugs, ids or role model instances.
$role = Role::findBySlug('flight-manager');
// Assign single role
$user->assignRoles($role);
// ... Or via array...
$user->assignRoles([ 'editor', 'reviewer', 'flight-manager' ]);
// ... Or single role via slug
$user->assignRoles('flight-manager');
Un-assign Roles
When you need to un-assign roles, then use the unassignRoles(). It accepts the same type of arguments as the assignRoles() method.
$user->unassignRoles([ 'editor', 'flight-manager' ]);
Un-assign all roles
The unassignAllRoles() method can be used when you need to un-assign all roles for a user.
$user->unassignAllRoles();
Synchronise roles
If you require synchronising granted permissions, then use the syncPermissions() method.
To synchronise assigned roles, use the syncRoles() method.
// Regardless of what roles previously were assigned,
// the user will now only be assign to the given roles...
$user->syncRoles([
'editor',
'reviewer',
'flight-manager',
]);
For additional information about relations synchronisation, please review Laravel's documentation.
Check user's roles
Determining what roles are assigned to a given user, can be achieved via the following methods:
Has role
The hasRoles() method returns true, if given role is assigned to the user.
echo $user->hasRoles('editor'); // e.g. false (0)
Has all roles
To determine if a user has multiple roles assigned, use the hasAllRoles(). The method only returns true, if all given roles are assigned.
echo $user->hasAllRoles([ 'editor', 'reviewer' ]); // e.g. false (0)
Has any roles
To determine if a user is assigned either (one of) of given roles, use the hasAnyRoles() method.
// Returns true if either role is assigned
echo $user->hasAnyRoles([ 'editor', 'reviewer' ]); // e.g. true (1)
Check user's permissions
During runtime, if you have defined permissions in the AuthServiceProvider (See setup), you can use Laravel's builtin mechanisms to check a user's permissions.
<?php
namespace App\Http\Controllers;
use App\Http\Controllers\Controller;
use App\Models\Flight;
use Illuminate\Http\Request;
class FlightController extends Controller
{
public function update(Request $request, Flight $flight)
{
if (!$request->user()->can('flights.update', $flight)) {
abort(403);
}
// The current user can update the flight post...
}
}
Cached permissions
It is important to understand that when using the ACL Registrar in your AuthServiceProvider, all permissions will be cached. Unless you are aware of this, you can experience unexpected behavior, should you change a user's roles, permissions...etc.
See Cached Permissions section for additional information.
Manual database check
Should you require checking if a user is granted a specific permission, without using the cache, then you may use the hasPermission() method. It ONLY accepts a Permission model instance as argument and will perform a database query, to determine whether the user is granted the given permission or not.
$permission = Permission::findBySlug('flights.destroy');
echo $user->hasPermission($permission); // E.g. true (1)