Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Global administrator, allowing all permissions #637

Closed
Naamloos opened this issue Jun 5, 2023 · 6 comments
Closed

Global administrator, allowing all permissions #637

Naamloos opened this issue Jun 5, 2023 · 6 comments

Comments

@Naamloos
Copy link

Naamloos commented Jun 5, 2023

Hi!

I am currently working on a project that uses Laratrust, and I was wondering if it was possible to define a role that automatically gets all allowed permissions?

Currently our system solves this by having a copy of every permission prefixed with superadmin-. I'd like to change that to a simple boolean on a role that when set to true will return success on any permission check.

Is something like this possible natively with Laratrust? I had considered overriding some methods on the LaratrustUserTrait trait, but quickly figured out that that might not be the best way?

Thank you in advance!

(This project uses laratrust 6.1.0)
@filippotoso
Copy link
Collaborator

Intercept the created event in the Permission model and attach the created permission to the superadmin role.

@Naamloos
Copy link
Author

Naamloos commented Jun 5, 2023

I don't think this quite suffices as a proper solution to this problem. It sounds more like a workaround than a proper solution.

(Thank you for your response anyway, I appreciate the effort)

@filippotoso
Copy link
Collaborator

filippotoso commented Jun 5, 2023
edited
Loading

Without modifing Laratrust behaviour there are only 2 ways to do what you need.

The first one is to keep the SuperAdmin role permissions in sync with all the available permissions (see above for the implementation)

The second one is to add a check for the SuperAdmin role everytime you check for permissions (ie. if the user has this permission OR he has the SuperAdmin role).

Otherwise, you have to change the Laratrust behaviour to check for the single permission OR check for the SuperAdmin role.

From my point of view, the first solution is the easiest and cleanest of all of them.

@Naamloos
Copy link
Author

Naamloos commented Jun 5, 2023

I am not entirely sure if this would work, but after some digging, perhaps it'd be possible to override the hasPermission method on my User class that implements the LaratrustUserTrait?

Wouldn't that hide away the trait's method for my own implementation? Since class methods take precedence over trait methods.

Correct me if I'm wrong of course, but isn't that a possible solution?

@santigarcor
Copy link
Owner

How I've made it in the past is by defining one permission that only super admins have and in side the policies i check if the user has that permission or the actually required permission. or by simply adding all the permissions to the admin.

@Naamloos
Copy link
Author

Naamloos commented Jun 6, 2023

even though it's not exactly the solution I was looking for, it is a better solution than what was proposed before, in my honest opinion. Thank you both for your help. I'll propose this change internally.

@Naamloos Naamloos closed this as completed Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@santigarcor @Naamloos @filippotoso