Assign roles to a team rather than a user

Hello, I hope this is allowed here, but I'm desperate for help as I've been struggling for days on this. This is my first project and the first time I'm using the spatie permissions package. I've read the documentation multiple times and I'm still confused and facing a problem.

I am working on a project with the following structure:
- Teams (tenants)
- Team members
- Users
- Roles
- Permissions
- Subscriptions

(Filament) panels:
- Admin panel (for devs & admins)
- App panel (can only be accessed through a 'public' team/tenant)

All users have a personal team (a private team/tenant). A personal team can only have roles and nothing more. So I assign the Global Admin role to one's personal team, and that's how he can access the admin panel. In order to be able to use the app/software, one must be in a 'public' team so he or she can access the team resources and data in the app panel. So app data (for example, a social media account) is always linked to a team so that the entire team can manage the (social media account) data.

I have three types of roles:
- Global roles (such as Global admin, Global developer, Global moderator)
- Team member roles (for example, someone else besides the team owner should be able to invite and remove members)
- Subscription roles (subscriptions are linked to a team rather than a user)

So basically the team should access certain features based on the package that the team has subscribed to. Up until now I was able to assign roles to team members and was able to verify whether a user has access to a permission for the team/tenant using setPermissionTeamId. But doing something like $team->can('use function') is impossible, because the team cannot use 'can', it says.

How can I assign roles to the entire team rather than one team member? I would love to use this package, but is it possible within the structure I'm working on? Or are there better approaches/structures for the same goal? Would love to get some advice on this.
13 Replies
iRelaxer 6mo ago
Up! Would love to hear from someone who has experience with this!
awcodes 6mo ago
Permissions and roles have to be assigned to a user specifically. A “team” is not an authenticatable model. There’s no way to verify the authenticity of a “team”. If a user is not part of a team they will get rejected by default, so then it’s just about whether or not that user can perform actions against the models that team has access to.
iRelaxer 6mo ago
Ah that's sad! Do you have any suggestions for my goal? Like how I can assign permissions to the entire team rather than a team member.
awcodes 6mo ago
You can’t.
iRelaxer 6mo ago
Alright, so I'll have to work on my own implementation.
awcodes 6mo ago
There’s no way to authenticate as a “team”. You could create roles based on the team and then give the users of that team the said role. But the authorization depends on the individual user, not the team.
iRelaxer 6mo ago
Hmm, that's a good one. I'm thinking of giving all users certain roles by default depending on the team subscription. Because users can have multiple roles within a team.
awcodes 6mo ago
Yea. That might be the best way to do it.
iRelaxer 6mo ago
Thank you very very much Awcodes!
awcodes 6mo ago
Hope you figure it out.
iRelaxer 6mo ago
ty
awcodes 6mo ago
Roles and permissions is one of the most complicated things, throw in tenancy too and it gets to be a mind bender.
iRelaxer 6mo ago
Hahah, I can tell! I've been struggling with this for days.