Laravel-permission: How to implement row-level permissions?

The package only allows you to add & check for permissions/roles. It wont stop anyone from updating models. It sounds like you're looking for Laravel's model policies (which can be combined with this package). Have a look at https://laravel.com/docs/5.5/authorization#creating-policies.

If you've got any more questions, let me know :)

Here's an example: https://github.com/drbyte/spatie-permissions-demo/blob/master/app/Policies/PostPolicy.php

Really this example is the missing piece that connects Laravel Authorisation and Spatie/Permission.

As most laravel developers probably already using @can('view', $post) from Laravel Model Policy, the usefulness of this package becomes a little confusing.

I understanding is, in general spatie/permission cannot support so-called _row-level permission_, because there are arbitrary conditions that you'd like to check before you may grant the permission.

spatie/permission grants permission explicitly, and serves as an additional layer on top of (with or without) Laravel Model Policy.

@COLABORATI

Did you find any solution for this?

@AlexVanderbist It would be good to add one of the examples @drbyte provided, in the README page to clear the policy question about this package.

@aminraeisi Done. https://github.com/spatie/laravel-permission/commit/0cef4e63634f8232f12d401a4b34433f42f9863b