Laravel 11 Full Course 2025: Spatie Roles and Permissions [Lesson #9] скачать в хорошем качестве

Laravel 11 Full Course 2025: Spatie Roles and Permissions [Lesson #9]

In this video we will learn how to protect our Laravel web application using Spatie Roles and Permissions package. This package allows us to assign permissions to roles and roles to users. We can then dictate what specific users can see on a page based on the permissions they possess. We can also protect entire routes based on a users permissions by using middleware. We can also determine what actions specific users can use by adding logic to our policies based on permissions. So there is a lot we can do with Spatie Roles and Permissions in Laravel to make sure our web applications are as secure as possible. for our Laravel application we are going to create one role and assign that role one permission. We will be creating an 'admin' role and assigning it a 'manage users' permission. In your own Laravel applications you would potentially have more roles and permissions but these can be added down the line if you decide you need them. Steps The first thing we need to do is install the Spatie Roles and Permissions package for Laravel in our Laravel application. Run through the installation commands found on this page (https://spatie.be/docs/laravel-permis...) and shown in the video. We will also run a migration to create the required database tables relating to roles and permissions. Next we must add the HasRoles trait to our User model. Now we have Spatie Roles and Permissions setup in Laravel, we want to seed our Laravel database with any roles and permissions that we want to use. This isn't the only way of doing this, you could create a dashboard to manage your roles and permissions, but this is more work and not necessary for what we want to achieve. Create a seeder by running the following command: php artisan make:seeder RoleSeeder Now we have our seeder we want to write the logic to create our role and permission. to do this we need to make sure we include the Spatie Role and Permission models at the top of the file using the 'use' keyword. We can then use the methods found at (https://spatie.be/docs/laravel-permis...) and seen in the video to create our role and our permission, and to assign our permission to our role. Once we have created our role and permission and assigned the permission to the role, we then need to assign this role to our user. Our application currently only has one user and this user has the id 1. So we will find this user in our database and then assign the admin role to it using. We now need to run our database seeder using the artisan command: php artisan db:seed --class=RoleSeeder Our database has now been seeded. If we take a look at our database we will see the tables relating to roles and permissions (from running the Spatie migrations earlier). We will also see some entries to these tables, these are from the role and permission we just created in our seeder. We can now start using our roles and permissions in our Laravel application. We will be checking a users permissions to see if they are able to access certain routes, resources and actions as opposed to checking their role. This is the recommended way by Spatie. We will create another user to help us see the difference in behaviour between our user with admin role and our newly created user with no role. We also want to create an admin page that will will only allow users with the 'manage users' permission to access. Once we have created this new page, we want to create a Link to it in AppLayout. We want to display this link conditionally based on the permission held by the authenticated user. The way we do this is by passing the permissions held by the currently authenticated user to the page props. We use HandleInertiaRequests middleware to send the permissions with every request and can access this in our AppLayout by using the usePage() inertia.js helper. We can then use v-if to display the link conditionally. We also want to protect the entire route so that it can only be accessed by users with 'manage users' permission. We do this by using the 'can:' middleware on the route, as seen in the video. Now we want to add logic so that users with certain permissions can perform certain actions. We apply this logic in our policies. So in our example we will allow users who can 'manage users' to perform actions usually limited to the owner of that resource. You can now use Roles & Permissions Table of contents 00:00 - Recap 00:37 - Install Spatie Roles and Permissions package 02:25 - Adding the HasRoles trait to our User model 04:50 - Creating Spatie Roles and Permissions in our database seeder 06:38 - Assigning Spatie Role to a user 08:28 - Run the database seeder 11:35 - Create a new user with no role 12:11 - Creating an admin page 18:10 - Creating link in AppLayout.vue 19:50 - Protect route with 'can:' middleware 21:10 - Conditionally show navigation link depending on permissions using HandleInertiaRequests 26:39 - Roles and Permissions in policies