Hi, I'm trying to use your package in one of my projects. I have a simple question: does something like "giving every permission to a super admin role" exist?
Does the following code make sense in this context?
    $superAdmin = Spatie\Permission\Models\Role::create(['name' => 'Super Admin']);
    $superAdmin->givePermissionTo('*');
You can use the gate's before method to achieve that behaviour:
    $gate->before(function ($user, $ability) {
        if ($user->isSuperAdmin()) {
            return true;
        }
    });
More info: https://laravel.com/docs/5.1/authorization
@azeemhassni ... so, for example, in AuthServiceProvider:
    use Illuminate\Contracts\Auth\Access\Gate as GateContract;
    ...
    public function boot(GateContract $gate)
    {
        $this->registerPolicies();
        // Grant "Super Admin" users all permissions (assuming they are verified using can() and other gate-related functions):
        $gate->before(function ($user, $ability) {
            if ($user->hasRole('Super Admin')) {
                return true;
            }
        });
    }
How can I do that in Laravel 5.5?
Does anyone have a hint for me?
The same as I posted above. Or to avoid dependency injection, use the Gate facade:
public function boot()
{
$this->registerPolicies();
+ // Grant "Super Admin" users all permissions (assuming they are verified using can() and other gate-related functions):
- $gate->before(function ($user, $ability) {
+ Gate::before(function ($user, $ability) {
+ if ($user->hasRole('Super Admin')) {
+ return true;
+ }
+ });
}
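Review bot: the Gate::before callback on the + lines returns true for every $ability once hasRole('Super Admin') passes, so it grants any gate or policy check made through can(), not only permission checks. The comment on the first + line should say that policies are skipped too, or the callback should return null for abilities it is not meant to cover. Since boot() no longer receives $gate, also confirm the file imports the Gate facade.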
@drbyte why do you think using the facade would be better?
... because otherwise you'll need to inject a $gate object as I did in my previous example, above.
That was exactly my question. Why is using the facade better than DI? Is there a performance improvement, or is it better just because you save yourself type hinting a class?
Just simpler.
If you want to use Dependency Injection, that's fine too. Do what suits your app's needs best.
After defining Gate::before, it will not trigger the before method in the policy class if Gate::before returns true.
Is there a way to allow the super admin to bypass only the permissions defined in this library?
@asnawisaharuddin can you post your code?
I think what you're asking is a broader Laravel issue, more than just about this package. But happy to look at more details if you provide them.
In my AuthServiceProvider.php I have defined a Gate::before to bypass all the permissions for admin.
    Gate::before(function ($user, $ability) {
        if ($user->isAdmin()) {
            return true;
        }
    });
I also have a policy in UserPolicy.php which only allows an admin user, and the admin user must belong to the same organisation.
    public function view(User $auth_user, User $user)
    {
        return $auth_user->isAdmin() && $this->isBelongToSameOrganization($auth_user, $user);
    }
It seems Gate::before will bypass all the policies defined. I have checked the Illuminate\Auth\Access\Gate class. Declaring Gate::before will bypass all the policies defined if the Gate::before function returns true.
Is there a way to bypass all the permissions defined in the package without bypassing the policies? Because I'm using multi-tenant, I need an extra check when accessing a user.
This package has the ability to authorize against roles and permissions. If you need to authorize against additional rules as well, then your application will need to provide that logic in addition.
In the example you posted it seems you should completely ignore the Gate::before approach, since it is not specific enough for your application's needs. In this case your UserPolicy is sufficient.
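An added example, not part of the thread or the package's own code: one way to let a "Super Admin" bypass only the permissions stored by this package while policies such as UserPolicy still run their own checks. It assumes Laravel 5.5 defaults (App\User, App\Policies\UserPolicy) and that no policy ability shares a name with a stored permission.

```php
<?php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Spatie\Permission\Models\Permission;

class AuthServiceProvider extends ServiceProvider
{
    // Assumed application classes; adjust to your own namespaces.
    protected $policies = [
        \App\User::class => \App\Policies\UserPolicy::class,
    ];

    public function boot()
    {
        $this->registerPolicies();

        Gate::before(function ($user, $ability) {
            if (! $user->hasRole('Super Admin')) {
                return null; // not a super admin: normal checks apply
            }

            // Bypass only abilities that exist as permissions in the package's
            // table. A policy ability such as UserPolicy::view is not a
            // permission name, so the callback returns null, the gate goes on
            // to call the policy, and the same-organisation check still runs.
            $isPackagePermission = Permission::where('name', $ability)->exists();

            return $isPackagePermission ? true : null;
        });
    }
}
```

The lookup runs a query on every gate check, so cache the list of permission names if that matters. A permission named the same as a policy method (for example "view") would be bypassed as well, so keep the two name sets distinct.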