Laravel 5 role based access control

I've made some RBAC apps, and it depends on kind of challange are you facing, e.g.

User have a role but you want a that a specific user have access to some area, like Posts, now user can edit posts like a Moderator. The permissions approach in this case suits better than just a role approach.

Define access by a slug, the other fields can be used as a reference to Super Admin, or ironically for a Editor Role, starting now, a Editor Role plus Permission to a new "area".

public function up(){    Schema::create('permissions', function (Blueprint $table) {        $table->increments('id')->unsigned();        $table->string('name');        $table->string('slug')->unique();        $table->string('description')->nullable();        $table->string('model')->nullable();    });}

As example of content data,

$createUsersPermission = Permission::create([    'name' => 'Create permissions',    'slug' => 'create.permissions',    ...]); 

And a example of usage:

if ($user->can('create.permissions') { // you can pass an id or slug    //}

Personally preference, and never used Zizaco Entrust as suggested by the other folks, but it works in the same way. Also you have levels approach too.

I did a little different, I made hasRole in UserRole , not is User(does not impact too much but as per code it should be). So Here is my route :

Route::group(['middleware' => 'auth'], function () {Route::get('/myProfile', function () {    if (App\UserRole::hasRole('ROLE_CUSTOMER',Auth::user())) {        return view('views/customer');    } else {        return 'Don\'t know where to send you :(';    }}); });

Next Thing is, the method in my UserRole. I tried to keep it simple:

public static function hasRole($authority,$user) {        $role = Role::where('authority',$authority)->first();        $userRole = UserRole::where('role_id',$role->id)                    ->where('user_id',$user->id)->first();        if($userRole){            return true;        }    }

We look for the authority(ROLE_USER, ROLE_CUSTOMER etc) and $user is User Object retrieved from DB . Everything else runs as per your question/Hope it helps!Cheers!

As there is not out of box solution available for Role based authentication in laravel. You can create a custom Role table that defines the all possible roles your application can have, and role_user table which contains association of user and roles.

You can create methods under your User model to check if user belong to a particular role. Make use of that method to register a new middleware. Middleware can be attache to routes or controllers.

Detailed demo is given in this linkhttps://www.5balloons.info/user-role-based-authentication-and-access-control-in-laravel/