Beartropy Permissions
Protecting Routes
It's recommended to protect the permissions management interface with authorization middleware.
Using Configuration Middleware
The simplest way is to add authorization middleware in the configuration:
1// config/beartropy-permissions.php2'route_middleware' => ['web', 'auth', 'can:manage-permissions'],Custom Middleware
You can also create a custom middleware for more control:
1<?php 2 3namespace App\Http\Middleware; 4 5use Closure; 6use Illuminate\Http\Request; 7 8class EnsureUserCanManagePermissions 9{10 public function handle(Request $request, Closure $next)11 {12 if (! $request->user()?->hasRole('super-admin')) {13 abort(403);14 }15 16 return $next($request);17 }18}Registering Middleware
Then add the middleware to your configuration:
1// config/beartropy-permissions.php2'route_middleware' => ['web', 'auth', EnsureUserCanManagePermissions::class],Using Gates
You can define a gate in your AuthServiceProvider then use the can: middleware:
1// app/Providers/AuthServiceProvider.php2use Illuminate\Support\Facades\Gate;3 4public function boot(): void5{6 Gate::define('manage-permissions', function ($user) {7 return $user->hasRole('super-admin');8 });9}
Current version:
0.1.2