I would like to restrict access to a module based on a MiddleWare or permission or database table (customer_modules).
Do you have any suggestion on the best solution and how to handle that ?
Many thanks in advance,
Hi,
You could refer to the laravel docs for this.
This is how I'm doing things for a fairly moduler 'internal website' I've set up but would love to hear if there's a better way!
For permissions I'm using Spatie Laravel Permissions (on the app as a whole so it's used by all modules), but other permission packages would probably work, or you can role your own simple middleware to just check a user column at most basic. Most of my modules have a seed file to setup permissions and roles for that module so I can keep things protected.
For checks you can ensure quick global module access by adding to the main route group in the module the auth middleware and a role/permisions or custom middleware to check the user account is allowed:
Sample routes.php:
Route::group(
['middleware' => ['web', 'auth', 'role:admin'], 'prefix' => 'admin', 'namespace' => 'Modules\Admin\Http\Controllers'], function () {
//ALL ROUTES GO HERE
}
);
Most of my modules have a 'Module.view' permission I just check here, so I can role it out only to those who need it. For more nuanced permission checks you can define other route groups, or you can add a middleware to an entire controller, or check in a specific controller action.
So far the big issues I've found with working with permissions in modules is
A) Ensuring the middleware is put in place on the routes/controller (Actually came here to see if there's a way to make all new modules in my project default to using the 'auth' middleware).
B) If a number of your modules will need checks, prefix your permissions with the module name. I've added a 'Display name' property to the spatie permissions table so I can have: 'name'=>'Customers.addUser', 'display_name'=>'Add Customers' which ensures no conflict between modules that might naturaly have similar permission names and I can have blade checks like: @can('Customers.addUser')
//Add user button
@endcan
I did wonder when setting this up if there was a way to specify a middleware in the module somewhere, but routes makes sense and seems to work so far for me.
I would like to restrict access to a module based on a MiddleWare or permission or database table (customer_modules).
Do you have any suggestion on the best solution and how to handle that ?Many thanks in advance,
i have the same question too
can you give me some examples?