Hello,

I tried to search for answers to my questions and well couldn't find anything after hours of searching so I decided to post here.

I found the demo code in github very useful. https://github.com/laracasts/laravel-5-roles-and-permissions-demo/blob/master/app/Providers/AuthServiceProvider.php However the closure in AuthServiceProvider.php only checks if user has 'permission' in his role. It is not possible to have custom additional checks within it like the one in the documentation:

$gate->define('update-post', function ($user, $post) {
    return $user->id === $post->user_id;
});

1- I was wondering if it is wise to store closures in the DB? perhaps in 2 columns with arguments in one and function code in another? perhaps use a 2nd argument for a closure and pass additional check operations there? But then if a plugin/addon is using custom arguments to their functions, it would be impossible) or what is the best way to accomplish this?

2- What is the advantage of registering "all" the permissions using the Gate class using a foreach loop? (wouldnt it end up loading a lot of permissions which user does not have?) Wouldn't it be better to check if permissions are registered for a user at first lookup and register only the permissions that the user has?

3- Well, since the example in laracasts-demo simply checks if user has a permission entry assigned. What would be the downside of simply making a database lookup using the user/role/permissions relations if user has a permission? (if lookup yields result, user has permission, else not?)

Thanks!