posted 9 years ago
Security

Hello,

I tried to search for answers to my questions and, well, couldn't find anything after hours of searching, so I decided to post here.

I found the demo code on GitHub very useful: https://github.com/laracasts/laravel-5-roles-and-permissions-demo/blob/master/app/Providers/AuthServiceProvider.php However, the closure in AuthServiceProvider.php only checks if the user has 'permission' in his role. It is not possible to have custom additional checks within it like the one in the documentation:

$gate->define('update-post', function ($user, $post) {
    return $user->id === $post->user_id;
});

1- I was wondering if it is wise to store closures in the DB? Perhaps in 2 columns with arguments in one and function code in another? Perhaps use a 2nd argument for a closure and pass additional check operations there? (But then if a plugin/addon is using custom arguments to their functions, it would be impossible.) Or what is the best way to accomplish this?

2- What is the advantage of registering "all" the permissions using the Gate class using a foreach loop? (Wouldn't it end up loading a lot of permissions which the user does not have?) Wouldn't it be better to check if permissions are registered for a user at first lookup and register only the permissions that the user has?

3- Well, since the example in laracasts-demo simply checks if the user has a permission entry assigned, what would be the downside of simply making a database lookup using the user/role/permissions relations to see if the user has a permission? (If the lookup yields a result, the user has the permission, else not?)

Thanks!

Last updated 3 years ago.
0

Your gate (permission) definition is the first step, then the permission check in either a Middleware (which is preferable in most cases) or a model Policy gives you the opportunity to perform additional checks.

If you want more control and to store everything in the DB, you may want to check the Entrust Package.

0
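The layering discussed in this thread, as an added example that is not part of either post or of the linked demo: the database supplies only permission names per role, while the resource-specific rule (ownership, as in the documentation snippet) stays in code, so no function code has to be stored in the DB. `MiniGate`, `hasPermission`, `ROLE_PERMISSIONS` and the sample users are hypothetical, constructed stand-ins written in plain PHP so the script runs without the framework.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the role/permission tables.
const ROLE_PERMISSIONS = ['editor' => ['update-post'], 'reader' => []];

// Hypothetical minimal gate (ability name => closure); not Laravel's Gate class.
final class MiniGate
{
    private array $abilities = [];

    public function define(string $ability, Closure $check): void
    {
        $this->abilities[$ability] = $check;
    }

    public function allows(string $ability, object $user, ...$args): bool
    {
        // Deny by default: an undefined ability is never granted.
        $check = $this->abilities[$ability] ?? null;
        return $check !== null && $check($user, ...$args) === true;
    }
}

// Data-driven part: does the user's role carry this permission name?
function hasPermission(object $user, string $permission): bool
{
    return in_array($permission, ROLE_PERMISSIONS[$user->role] ?? [], true);
}

$gate = new MiniGate();

// The stored permission only names the ability; the ownership rule stays in code.
$gate->define('update-post', function (object $user, object $post): bool {
    return hasPermission($user, 'update-post') && $user->id === $post->user_id;
});

$post = (object) ['id' => 10, 'user_id' => 1];
$cases = [
    'editor who owns the post' => (object) ['id' => 1, 'role' => 'editor'],
    'editor, not the owner'    => (object) ['id' => 2, 'role' => 'editor'],
    'owner id but reader role' => (object) ['id' => 1, 'role' => 'reader'],
];
foreach ($cases as $label => $user) {
    printf("%-26s %s\n", $label, $gate->allows('update-post', $user, $post) ? 'allow' : 'deny');
}
// An ability that was never defined is denied rather than raising an error.
$owner = $cases['editor who owns the post'];
printf("%-26s %s\n", 'undefined ability', $gate->allows('delete-post', $owner, $post) ? 'allow' : 'deny');
```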

yurtesen yurtesen Joined 24 May 2016
