I have designed a store with Laravel 6 ,and used laravel-permission 3 for user management. I'd like to restrict every crud action by a definite permission (e.g. add product, delete product). There is a short description about using wildcard permission in Spatie, but I'm not sure about it. I don't know where is the best place in defining these restrictions.
Here is a route sample for creating and editing product and their middleware (restrictions by permissions).
Route::get('/create','Controller@create')->name('create')->middleware('permission:add product');
Route::post('/store', 'Controller@store')->name('store')->middleware('permission:add product');
Route::get('/{product}/edit', 'Controller@edit')->name('edit')->middleware('permission:edit product');
Route::patch('/{product}/update', 'Controller@update')->name('update')->middleware('permission:edit product');
I suggest that use Laravel’s Model Policies, you can find more information in the link below. https://docs.spatie.be/laravel-permission/v3/best-practices/using-policies/
Furthermore, You can find an example of implementing a model policy with this Laravel Permissions package in this demo app: https://github.com/drbyte/spatie-permissions-demo/blob/master/app/Policies/PostPolicy.php