Reputation: 309
I use Laravel 5.6 for my project and Entrust to handle users/roles/permissions.
But now I'm facing another problem and I don't know which way to go.
Basically, in my database I have a "general" table with x columns. Each column represents a part of my app, so there's only one row.
For example, I can have an "edit-post" column with 0, 1 or 2.
How can I prevent a user from accessing GET/POST routes based on a database value?
If edit-post equals 2, the user can view the edit page / post edit data.
Must I use middleware? Gates? Anything else?
Thanks for your answers.
Upvotes: 1
Views: 756
Reputation: 4218
As Raggib said: create a users table permission:

    Schema::create('users', function (Blueprint $table) {
        $table->increments('id');
        $table->string('role');
    });

Create a middleware to check if the user has the permissions to access the record you are trying to protect:

    if ($loggedUser->role != 'admin') {
        // cannot edit
    }

The advantage of this method is that you can add roles later. This will give you the possibility to better control who can access which records.
Upvotes: 1
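
The middleware approach from this answer, applied to the question's single-row "general" table, as an added example that is not part of the original posts. The class name `CheckFeatureLevel`, the `feature` alias, and the route paths and controller names are assumptions; the table `general` and column `edit-post` come from the question.

```php
<?php
// Added example (not from the original thread). Assumed names: the
// CheckFeatureLevel class, the 'feature' alias and the posts routes.
// Table "general" and column "edit-post" come from the question.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\DB;

class CheckFeatureLevel
{
    /**
     * Let the request through only if general.<column> equals $required.
     * Usage on a route: ->middleware('feature:edit-post,2')
     */
    public function handle($request, Closure $next, $column, $required)
    {
        // Single settings row, as described in the question.
        $settings = DB::table('general')->first();

        // Fail closed: a missing row, an unknown column or a non-numeric
        // value is treated as "not allowed", never as "allowed".
        $value = ($settings !== null && isset($settings->{$column}))
            ? $settings->{$column}
            : null;

        if (!is_numeric($value) || (int) $value !== (int) $required) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware:
//     'feature' => \App\Http\Middleware\CheckFeatureLevel::class,
//
// routes/web.php: protect the form AND the submit route, otherwise the
// POST endpoint stays reachable even though the page is hidden.
//     Route::middleware(['auth', 'feature:edit-post,2'])->group(function () {
//         Route::get('/posts/{post}/edit', 'PostController@edit');
//         Route::post('/posts/{post}/edit', 'PostController@update');
//     });
```

The check runs on every request, so a change to the database value takes effect immediately for both the GET and the POST route.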
Reputation: 127
You can define your users' permissions and activity according to the user's role, like Admin, Moderator or Super admin. Just create a table that holds the role names with user relations and hook up authentication with it. So every time a user logs in, he can go to his specific territory and perform your defined activity. You can see this for better understanding
Upvotes: 1