Laravel Spatie /多租户权限过滤器

I have 3 main models:

Users
Branches
Objects

Every user will belong to a Branch and a Branch will have many Users.

Objects will belong to Users and to Branch as well, so Objects has a user_id as well as a branch_id like so:

//Objects DB table tructure
[
 "id",
 "name",
 "branch_id",
 "user_id",
 "created_at",
 "updated_at",
]

So this is my current setup:

Models/Branch.php

public function users()
{
    return $this->hasMany(User::class);
}

Models/Users.php

public function branch()
{
    return $this->belongsTo(Branch::class);
}

Models/Objects.php

public function user()
{
    return $this->belongsTo(User::class);
}

Now I've setup Spatie/Permission with following Roles:

Super-Admin: will see every Objects of every Branch
Admin: will see every Objects of its own Branch and not from other Branches
User: will see every Objects he created an not any other in his own Branch or outside of it

My point now is to list all Objects based off of the User permission. My first idea is to build relations based on models, but I'm not sure this is a good idea and practice, this is the code:

public function objects(){

    $user = auth()->user();

    if ($user->hasRole("Super-Admin")) {
        return Object::query();
    }

    if ($user->hasRole("Admin")) {
        return Object::where('branch_id', '=', $user->branch()->pluck('id'));
    }

    return $this->hasMany(Object::class);

}

Does this make sense at all? Should I use any other more appropriate Laravel functionalities/API?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanhua5523 2019-02-15 13:41
关注
The aproach you are using does make sense, the only thing that concerns me is using the authenticated user inside a function on the model.

That could cause same conflicts, for example if a super-admin wants to see the objects of a normal user then this function is no good for you because all the time you are going to retrieve the objects of the super-admin.

i would use your function as follows

public function objects(){ if ($this->hasRole("Super-Admin")) { return Object::query(); } if ($this->hasRole("Admin")) { return Object::where('branch_id', '=', $this->branch()->pluck('id')); } return $this->hasMany(Object::class); }

And then on the Controllers when using

$user->objects();

you are retrieving the objects of the user object you have at the given time
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Laravel 3 / Eloquent ORM：扩展其他模型的模型 laravel php
2013-07-02 15:25

回答 1 已采纳 You cannot and should not do this since peculiar_items is its own table. With that said, in your
使用Behat / Mink和Behat Laravel Extension测试多租户Laravel应用程序 php
2015-04-24 13:57

回答 3 已采纳 After a short while I revisited this problem and found a rather simple solution to be used in my F
mybatis-plus多租户忽略租户 java
2022-07-20 07:57

回答 2 已采纳默认只支持注解方法，才能给你return，你可以继承TenantLineInnerInterceptor，自己改写beforeQuery，在前面加入自己的业务，比如ThreadLocal存入一个标记，
探索 Laravel 多租户解决方案：spatie/laravel-multitenancy
2024-05-15 10:02

孔岱怀的博客探索 Laravel 多租户解决方案：spatie/laravel-multitenancy laravel-multitenancyMake your Laravel app usable by multiple tenants项目地址:https://gitcode.com/gh_mirrors/la/laravel-multitenancy 在现代 Web...
小程序如何实现多租户微信支付 spring boot 小程序微信
2021-11-19 14:55

回答 1 已采纳可以参与这个 https://developers.weixin.qq.com/community/develop/doc/0006ceeb9480f0f84dd777cf85b400
Satoken多账户模式下如何使用注解进行权限验证 java 有问必答
2021-05-19 20:05

回答 2 已采纳文档上面都写的很清楚啊，需要新建一个新的权限验证类StpUserUtil，然后将StpUtil类的代码拷贝过去，修改里面的账号体系标识KEY，然后再@SaCheckLogin(key = StpUse
高朗的多租户 sql
2018-09-28 17:01

回答 1 已采纳 I cannot find any ORM for Go that supports multiple tenants out there. Is writing my own on top
Laravel 多租户套餐 - spatie/laravel-multitenancy 指南
2024-08-22 08:54

裘羿洲的博客 Laravel 多租户套餐 - spatie/laravel-multitenancy 指南 laravel-multitenancyMake your Laravel app usable by multiple tenants项目地址:https://gitcode.com/gh_mirrors/la/laravel-multitenancy 项目介绍 ...
Azure AD SSO = AADSTS50020 - 多租户，如何允许外部租户注册我的应用？ php
2019-02-11 16:18

回答 1 已采纳 The Azure B2B collaboration let you share your organization applications with guest users from any
关于前后端分离项目中的租户设置问题 java
2022-09-15 10:27

回答 2 已采纳不同公司的数据是否在同一个数据库呢，不同的话可以考虑多数据源
GAE多租户和交易-Go
2013-11-25 06:15

回答 2 已采纳 Two things to note: Namespace is part of the key of the entity, so transaction will work only fo
多租户php,[扩展推荐] Spatie 出品的多租户 Laravel 扩展包
2021-04-21 09:08

weixin_39807896的博客最近 Spatie 发布了一个新 Laravel 的扩展 multitenancy ，该扩展主要帮助您快速搭建多租户系统：laravel-multitenancy 扩展发布地址：t.co/q9HzfkNw7w该扩展理念是提供您实现多租户的基本要素。— Freek Van der ...
tenancy:Laravel 的自动多租户。无需更改代码
2021-07-23 22:28

Laravel 应用程序的自动多租户。您不必更改应用程序代码中的任何内容。 :check_mark: 没有模型特征来改变数据库连接 :check_mark: 没有用租户感知类替换 Laravel 类（ Cache ， Storage ，...） :check_mark: 基于...
laravel-multitenant:Laravel的单数据库多租户解决方案
2021-05-24 06:51

Laravel多租户 所有租户使用的共享数据库意味着我们将所有租户的数据保存在同一数据库中。为了隔离特定于租户的数据，我们必须向每个特定于租户的表中添加一个区分列，如tenant_id ，并确保所有查询和命令都将基于...
Multitenancy_laravel:Laravel中的多租户系统
2021-03-15 03:02

在压缩包文件`Multitenancy_laravel-main`中，很可能包含了一个实现Laravel多租户的示例项目，包括了必要的模型、控制器、中间件和其他辅助类。你可以通过研究这个项目来理解多租户系统如何在实践中工作，以及如何将...
没有解决我的问题, 去提问

悬赏问题

¥15 乌班图ip地址配置及远程SSH
¥15 怎么让点阵屏显示静态爱心，用keiluVision5写出让点阵屏显示静态爱心的代码，越快越好
¥15 PSPICE制作一个加法器
¥15 javaweb项目无法正常跳转
¥15 VMBox虚拟机无法访问
¥15 skd显示找不到头文件
¥15 机器视觉中图片中长度与真实长度的关系
¥15 fastreport table 怎么只让每页的最下面和最顶部有横线
¥15 java 的protected权限，问题在注释里
¥15 这个是哪里有问题啊？

Laravel Spatie /多租户权限过滤器

1条回答 默认 最新

悬赏问题

1条回答默认最新