Welcome Guest, Not a member yet? Register   Sign In
Shield - Permission constraint?
#1

(This post was last modified: 08-17-2024, 08:51 AM by christianberkman.)

Hi all,

currently my project is using a custom built authorization system. I am considering implementing Shield instead. However the way I need permissions is slightly different from Shield. I could summarize to say that I also need a constraint of some sort. Let me give an example.

Example permissions: child-basic:ch:r, child-sensitive:nh:w, ...

Permission structure:
  • name (child-basic)
  • constraint (ch) -- in this case the 'relation' attribute of a child entity
  • mode ® -- read, write, ...
Leaving out the constraint, I believe the Shield equivalent could be
child-basic.read, child-sensitive.write, etc...

I could, of course, generate a permission for every constraint like
child-basic.read-ch or so, but my relation Ids are somewhat dynamic. I could however update the list of permissons 

Then I would may be write my own can function:


PHP Code:
function customCan($permission$child): bool{
  // $permission: child.basic-read
  // $child: chil object  
  // Shield permissions: child.basic-read-*, child.basic-read-ch, child.basic-read-nh ...etc.
  return auth()->user()->can("{$permission}-{$child->relation_id}") || auth()->user()->can("{$permission}-*");


What would be your suggestions for the best practice?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB