Tortue Torche edited this page Mar 17, 2015 · 4 revisions

When you define a user's authority rules for a given model, you are not restricted to the 7 RESTful actions (create, update, destroy, etc.); you can create your own.

For example, in Role Based Authorization I showed you how to define separate roles for a given user. However, you don't want all users to be able to assign roles, only admins. How do you set these fine-grained controls? Well, you need to come up with a new action name. Let's call it `assignRoles`.

```php
// in config/authority-controller.php # For Laravel 5.0
// in app/config/packages/efficiently/authority-controller/config.php # For Laravel 4.*
if ($user->hasRole('admin')) {
    $this->allow('assignRoles', 'User');
}
```

We can then check whether the user has permission to assign roles in two places: in the view, when displaying the role checkboxes, and in the controller, when assigning them.

```blade
{{-- users/edit.blade.php --}}
@if (Authority::can('assignRoles', $user))
    {{-- role checkboxes go here --}}
@endif
```

```php
// UsersController.php
public function update()
{
    if (array_key_exists('user', $this->params) && array_key_exists('assign_roles', $this->params['user'])) {
        $this->authorize('assignRoles', $this->user);
    }
    // ...
}
```

Now only admins will be able to assign roles to users.
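
The stand-alone sketch below is an added example, not code from this wiki or from AuthorityController. It shows why the controller check is the one that enforces the rule: a request can carry `assign_roles` even when the checkboxes were never rendered. `MiniAuthority`, `rulesFor`, `updateUser` and the `update` rule are hypothetical stand-ins for the library's rule store and the controller action.

```php
<?php
// Added example: stand-in classes, not the AuthorityController API.
final class AccessDenied extends RuntimeException {}

final class MiniAuthority
{
    private $rules = []; // "action|resource" => true

    public function allow(string $action, string $resource): void
    {
        $this->rules["$action|$resource"] = true;
    }

    public function authorize(string $action, string $resource): void
    {
        if (!isset($this->rules["$action|$resource"])) {
            throw new AccessDenied("not allowed to $action $resource");
        }
    }
}

// Build the rules for the signed-in user, as the config snippet does.
function rulesFor(array $currentUser): MiniAuthority
{
    $authority = new MiniAuthority();
    $authority->allow('update', 'User'); // assumption: everyone may edit a profile
    if (in_array('admin', $currentUser['roles'], true)) {
        $authority->allow('assignRoles', 'User');
    }
    return $authority;
}

// Mirrors update(): authorize before the submitted roles are ever used.
function updateUser(MiniAuthority $authority, array $target, array $params): array
{
    $authority->authorize('update', 'User');
    $input = $params['user'] ?? [];
    if (array_key_exists('assign_roles', $input)) {
        $authority->authorize('assignRoles', 'User');
        $target['roles'] = array_values((array) $input['assign_roles']);
    }
    return $target;
}

// Constructed sample data: a request that carries assign_roles.
$member = ['name' => 'bob', 'roles' => ['member']];
$request = ['user' => ['assign_roles' => ['admin']]];
try { updateUser(rulesFor($member), $member, $request); echo "member: allowed\n"; }
catch (AccessDenied $e) { echo 'member: ', $e->getMessage(), "\n"; }
echo 'admin: ', implode(',', updateUser(rulesFor(['roles' => ['admin']]), $member, $request)['roles']), "\n";
```

The key tested in the authorization branch must be the same key the update later reads; if the roles are consumed under a different name, the branch never runs and the rule is not applied.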