Laravel-modules: Howto restrict access to module based on a Middleware or Permission ?

Created on 22 Mar 2019  路  3Comments  路  Source: nWidart/laravel-modules

I would like to restrict access to a module based on a MiddleWare or permission or database table (customer_modules).
Do you have any suggestion on the best solution and how to handle that ?

Many thanks in advance,

All 3 comments

Hi,

You could refer to the laravel docs for this.

This is how I'm doing things for a fairly moduler 'internal website' I've set up but would love to hear if there's a better way!

For permissions I'm using Spatie Laravel Permissions (on the app as a whole so it's used by all modules), but other permission packages would probably work, or you can role your own simple middleware to just check a user column at most basic. Most of my modules have a seed file to setup permissions and roles for that module so I can keep things protected.

For checks you can ensure quick global module access by adding to the main route group in the module the auth middleware and a role/permisions or custom middleware to check the user account is allowed:

Sample routes.php:

Route::group(
    ['middleware' => ['web', 'auth', 'role:admin'], 'prefix' => 'admin', 'namespace' => 'Modules\Admin\Http\Controllers'], function () {
        //ALL ROUTES GO HERE
    }
);

Most of my modules have a 'Module.view' permission I just check here, so I can role it out only to those who need it. For more nuanced permission checks you can define other route groups, or you can add a middleware to an entire controller, or check in a specific controller action.

So far the big issues I've found with working with permissions in modules is
A) Ensuring the middleware is put in place on the routes/controller (Actually came here to see if there's a way to make all new modules in my project default to using the 'auth' middleware).

B) If a number of your modules will need checks, prefix your permissions with the module name. I've added a 'Display name' property to the spatie permissions table so I can have: 'name'=>'Customers.addUser', 'display_name'=>'Add Customers' which ensures no conflict between modules that might naturaly have similar permission names and I can have blade checks like: @can('Customers.addUser') //Add user button @endcan

I did wonder when setting this up if there was a way to specify a middleware in the module somewhere, but routes makes sense and seems to work so far for me.

I would like to restrict access to a module based on a MiddleWare or permission or database table (customer_modules).
Do you have any suggestion on the best solution and how to handle that ?

Many thanks in advance,

i have the same question too
can you give me some examples?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

pawlox picture pawlox  路  4Comments

ojasseh picture ojasseh  路  3Comments

dagulo picture dagulo  路  3Comments

abiodunjames picture abiodunjames  路  5Comments

sujit-baniya picture sujit-baniya  路  4Comments