Laravel Roles and Permissions: All CORE Things You Need To Know

You are single handedly responsible for saving PHP from dying.

after 2 years still useful ❤

WTF! You explained very well compare with any video that I saw, probably I'll take a few curses from your site.

Cheers from Mexico

Thank you!!

Your videos are really a great help - thank you so much 👍🏻

hi do you offer complete free laravel tutorials series from beginning to advanced?

How to create enewspaper site in my laravel 9

thank you i finished first level and now i am on the second level on the path learning on your website <3

Very well explained. Exactly what I was looking for

how implement authorization on front end like vue js

Thank you very much, my controller was a mess validating all this stuff without any technique!

What you think about creating a RoleEnum instead of consts inside the model?

Thanks a lot for your great examples, I've struggled a lot with these concepts, but now, it is very clear to me.

Thank you!!

Thank you Mr. Povilas,

Awesome, thanks!

Interesting video, thanks! Can I use two gates in $this->authorize without creating a policy? something like $this->authorize([tasks.update or projects.update]) I can't find a simple way to do it.

TY, so if I have a user with multiple roles, do all the logic come in the Policy class right?

can we just use if else statement to control what the user can see or not? I just think gates and policies complicates things.

How would you implement multiple roles / actions per user, would you just create a roles table with user_roles table 1 to many relationship?

I have learned lots of advanced Laravel topics from your tutorials. I almost watched all of your videos. thanks

Congratz on the channel, it is one of the best I found about Laravel. I thought about asking how you deal with business related validation rules. In one of my projects, I develop a platform where you can advertise your real estate properties. Basically, you choose a plan that has a membership fee and a monthly fee. Apart from that, you optionally buy other services together with the plan . For now, you can only hire one plan per order. So, the order model is basically {id, plan_id, property_id, ...} and then there is a pivot table to link service items. Thing is, there is a requirement to allow the user to delete an order only if the order is either just created and not yet paid or the payment has failed, and similarly to only delete a property if it has no open orders.

Where would you put this validation?

really good explanations, thank you so much

Thank you for your video !!!!!

Nice video, Quick question...Is it possible to assign abilities dynamically from Database records using Gates, assigned to the Auth::id();?

Videos like these give me hope. Reading through the docs is one thing but seeing a practical way of using it is another. You and Code with Dary are the best channels to learn laravel

how to use gates for multiple guards. Is it okay to use duplicate Gate names for separate guard roles?

Thanks for the video! great help!

thanks u sir

Got stuck at authorization part of the documentation. this video really helped me out!

I can't thank you enough. I'm a beginner , Your suggestions,tips helped me grow so fast. My codes are better than before , my understanding has increased. You have boosted and cleared my confusions like so easy with every practical examples. I have completed Advance Beginner path within 4 months from since I installed Laravel on my pc, done some small solo projects for practice. I'm about to join as a Jr. Software Engineer. Soon gonna join your paid courses. Thank You so much . and also I hate X-slot in breeze :) but you made my day with that explanation video how you reverse engineered it , i tried it myself but I couldn't finish it because of some terms that i was unclear.

Very useful ... i appreciate it .. thank you Sir!

Let's suppose we have scenario
We have multiple admins and users.
User can be assigned to only one admin.
According to this code admin can change record of user which is not assigned to him.
How to deal with that

This is incredibly helpful. Thank you.

@LaravelDaily
Thanks for all those great Videos. I've got a question regarding this topic thinking a bit over the top about separating Frontend and Admin/Backend.

How would you do Kernel.php separation if one wants to separate these bootstraps f.e. using different components and so on? So likely I don't even want the frontend Kernel.php to include stuff that I really only want to have in Admin/Backend part?

Pre-Spoiler... I already had some success on that delegating from the generic Kernel.php to an extended Backend/Kernel and Frontend/Kernel by using Route-Group as separator ("/" and "/admin"). But there's still one caveat when trying f.e. to enable the debug-toolbar which somehow doesn't inject anymore as it looks like somehow it's trying to do that on level of the original Kernel and not the final Kernel processing the bootstrap afterwards.

I'm curious about your feedback and/or a video about that or which else way you would suppose to do this in a clean way?!

Thanks a lot for helpful videos. I have a question. We have implemented LDAP record package, and our company employees can log in into system using their domain credentials without registration. How I can add Spatie roles and permissions for those users with keeping LDAP login mechanism? Is it possible?

Can we do as much as spatie/laravel-permission does with just laravel core policies? Can you pls make more videos for it

Very Helpful, thanks, brother.

great work :) nice tutorial

I like how explain it and really clean, can you do this in database driven permissions and roles?

How can we apply the role and permission to more than one model?

I want to take your course on "Laravel Roles and Permissions" but it's not available

So lovely 😍

Hi. Can I ask you to do a video turorial on how to use bouncer. If you can demo it using the crud and admin / user viewing and not viewing buttons that will be great.

Perfect explanation about authorization in laravel. Thank you.

You saved me with this policies approach. I can't get the AuthServiceProvider working and didn't know that I had to use $this->authorize. Thanks a lot

Can we use Model Policy to authorize if a certain Post can be edited according It's Post state. For example If Post is published and we don't want published post to be edited, can we use policies for that? Should we always use Policy methods to authorize if User can or cannot. What do you think? Is it a good practise?