Reputation: 6976
model permissions - laravel fillable
I have an app that has a user type that should have a severely locked down user experience, meaning that they should only be able to update certain attributes of a model, not delete things etc. What approach could I use to make it so users making requests can only do what is set out in the user type rules, so for example I have a project model and the model has attributes,
- Name
- Price
- Start Date
- End Date
A limited user should not be able edit the price, start date, end date. Is there a way to use the fillable attribute and reset it based on the on the lever of the user that is making the request?
Upvotes: 0
Views: 540
Answers (1)
Reputation: 148
You can create a repository and handle the execution of that code in there removing fields if the user is "limited". Or you can create a function in your model and call it which would check the permissions of the logged in user.
There is no "default" way to have the fillable fields transpose to what a user role is allowed too. You will need to code that yourself.
Upvotes: 1
Related Questions
- How to create custom helper functions in Laravel
- How can I remove a package from Laravel using PHP Composer?
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- Rollback one specific migration in Laravel
- Reference - What does this error mean in PHP?
- Laravel requires the Mcrypt PHP extension
- How to set up file permissions for Laravel?
- Laravel save / update many to many relationship
- Update non-fillable field in Laravel Model