Search code examples
phplaravelrolesprivileges

Whats the best way to store user role permissions in Laravel 5?

I'm building a web app in Laravel 5.2. I'm relatively new to Laravel, and want to follow best practices. I have a table called Roles that have several named user roles (i.e.: admin, editor, etc). I want the admin to be able to edit the permissions for these roles and create new ones. What would be the best way to store the permissions?

  1. Use an integer field with each bit representing one permission? (I think this would quickly get out of hand)
  2. Use a pivot table and a many-many connection to permissions?
  3. Use a string field and just serialize the chosen privileges?

New privileges are likely to be added in the future, and my goal is to be able to easily determine if a user has a certain role or not. I.e.: $user->roles->hasAdmin() or something simirar.

Solution

  • You may want to borrow best practices for role/permissions table from the Laravel Entrust package:

        // Create table for storing roles
    Schema::create('{{ $rolesTable }}', function (Blueprint $table) {
        $table->increments('id');
        $table->string('name')->unique();
        $table->string('display_name')->nullable();
        $table->string('description')->nullable();
        $table->timestamps();
    });

    // Create table for associating roles to users (Many-to-Many)
    Schema::create('{{ $roleUserTable }}', function (Blueprint $table) {
        $table->integer('user_id')->unsigned();
        $table->integer('role_id')->unsigned();

        $table->foreign('user_id')->references('{{ $userKeyName }}')->on('{{ $usersTable }}')
            ->onUpdate('cascade')->onDelete('cascade');
        $table->foreign('role_id')->references('id')->on('{{ $rolesTable }}')
            ->onUpdate('cascade')->onDelete('cascade');

        $table->primary(['user_id', 'role_id']);
    });

    // Create table for storing permissions
    Schema::create('{{ $permissionsTable }}', function (Blueprint $table) {
        $table->increments('id');
        $table->string('name')->unique();
        $table->string('display_name')->nullable();
        $table->string('description')->nullable();
        $table->timestamps();
    });

    // Create table for associating permissions to roles (Many-to-Many)
    Schema::create('{{ $permissionRoleTable }}', function (Blueprint $table) {
        $table->integer('permission_id')->unsigned();
        $table->integer('role_id')->unsigned();

        $table->foreign('permission_id')->references('id')->on('{{ $permissionsTable }}')
            ->onUpdate('cascade')->onDelete('cascade');
        $table->foreign('role_id')->references('id')->on('{{ $rolesTable }}')
            ->onUpdate('cascade')->onDelete('cascade');

        $table->primary(['permission_id', 'role_id']);
    });