Role permission to manage other role

[lilian21]

Hi there,

I'm relatively new to Laravel and I just installed LESK. I'm trying to setup a scenario where I want to give permissions for some roles to manage other role(s) (one non-superadmin role can manage lower-level roles, down to users but shouldn't have permissions for higher-level). Can it be done through existing implementation?
Thank you and good job,
Lilian

[sroutier]

Hello Lilian,

Welcome to Laravel, I come from .Net , Java and Ruby myself but I find Laravel very refreshing, I hope you enjoy it as much as I do.

You have a very interesting idea. Currently LESK does not have the ability to allow roles to manage some roles but no others, but it can definitely be implemented. In fact I would encourage you to give it a try and submit a PR. This is a feature that would be useful to a lot of users.

Here are a few thoughts, I have had on this subject:

1. A role should be allowed/granted the ability to manage some roles but not others.
   1. The IT-Managers role should be able to manage IT-Employees but not HR-Employees.
2. A role should be able to manage multiple sub-roles.
   1. The IT-Managers role should be able to manage both IT-Employees and IT-Contractors.
3. A role should be able to be managed by multiple parent-role.
   1. The IT-Contractors role should be able to be managed by IT-Managers, HR-Managers and HR-Employees.
4. A role should not be allowed to grant all permissions in the system to another role, only the permissions that it has itself.
   1. The HR-Managers role should not be allowed to grant the Access-Secret-IT-Report permission to the HR-Employees, because it does not have the permission itself.

I would create a many-to-many relationship to keep track of all this. We can discuss the various different ways to implement it if you want and I can assist you if you have any questions. Getting your hand dirty is by far the best way to start really learning.

Let me know what you think.
Cheers.
/Seb.