Defining a Super-Admin | laravel-permission | Spatie

You are viewing the documentation for **an older version** of this package. You can check the version you are using with the following command:

`composer show spatie/laravel-permission`

Defining a Super-Admin
======================

We strongly recommend that a Super-Admin be handled by setting a global `Gate::before` or `Gate::after` rule which checks for the desired role.

Then you can implement the best practice of primarily using permission-based controls (`@can`, `$user->can`, etc.) throughout your app, without always having to check for "is this a super-admin" everywhere. It is best not to use role-checking (i.e. `hasRole`) when you have Super Admin features like this.

`Gate::before`
--------------

If you want a "Super Admin" role to respond `true` to all permissions, without needing to assign all those permissions to a role, you can use Laravel's `Gate::before()` method. For example:

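```
namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // Implicitly grant the "Super Admin" role all permissions.
        // This works in the app by using gate-related functions like auth()->user()->can() and @can()
        Gate::before(function ($user, $ability) {
            // Return null (not false) for everyone else so normal gate and policy checks still run
            return $user->hasRole('Super Admin') ? true : null;
        });
    }
}
```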

NOTE: `Gate::before` rules need to return `null` rather than `false`; otherwise they will interfere with normal policy operation. [See more.](https://laracasts.com/discuss/channels/laravel/policy-gets-never-called#reply=492526)

Jeffrey Way explains the concept of a super-admin (and a model owner, and model policies) in the [Laravel 6 Authorization Filters](https://laracasts.com/series/laravel-6-from-scratch/episodes/51) video and some related lessons in that chapter.

`Gate::after`
-------------

Alternatively you might want to move the Super Admin check to the `Gate::after` phase instead, particularly if your Super Admin shouldn't be allowed to do things your app doesn't want "anyone" to do, such as writing more than 1 review, or bypassing unsubscribe rules, etc.

The following code snippet is inspired by [Freek's blog article](https://murze.be/when-to-use-gateafter-in-laravel), where this topic is discussed further.

```
use Illuminate\Support\Facades\Gate;

// somewhere in a service provider

Gate::after(function ($user, $ability) {
    return $user->hasRole('Super Admin'); // note this returns boolean
});
```
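
The difference between the two hooks, and the reason for the `null` rule in the note above, shown as an added example that is not part of the package's documentation or Laravel's code. It is a simplified plain-PHP model (PHP 7.4+) of the gate's order of evaluation; `gateCheck` and the sample users and rules are hypothetical names constructed for illustration.

```php
<?php
// Added example: a simplified model of gate evaluation order, not Laravel's code.
// Order: before callbacks -> ability/policy callback -> after callbacks.

function gateCheck(array $before, ?callable $policy, array $after, array $user): bool
{
    $result = null;
    foreach ($before as $callback) {
        $result = $callback($user);
        if ($result !== null) {
            break; // the first non-null answer from a before callback is final
        }
    }
    if ($result === null && $policy !== null) {
        $result = $policy($user); // Gate::define() or model policy result
    }
    foreach ($after as $callback) {
        $afterResult = $callback($user);
        $result = $result ?? $afterResult; // after only decides when nothing else did
    }
    return (bool) $result;
}

// Constructed sample users and rules (hypothetical names).
$isSuper = fn (array $u) => in_array('Super Admin', $u['roles'], true);
$admin   = ['roles' => ['Super Admin']];
$editor  = ['roles' => ['Editor']];

$editArticle  = fn (array $u) => in_array('Editor', $u['roles'], true);
$secondReview = fn (array $u) => false; // a rule "nobody" may bypass

$goodBefore = fn (array $u) => $isSuper($u) ? true : null;
$badBefore  = fn (array $u) => $isSuper($u); // false for everyone else
$superAfter = fn (array $u) => $isSuper($u);

$cases = [
    'before returns null: editor edits article'  => gateCheck([$goodBefore], $editArticle, [], $editor),
    'before returns false: editor edits article' => gateCheck([$badBefore], $editArticle, [], $editor),
    'before: super admin writes second review'   => gateCheck([$goodBefore], $secondReview, [], $admin),
    'after: super admin writes second review'    => gateCheck([], $secondReview, [$superAfter], $admin),
    'after: super admin, no policy defined'      => gateCheck([], null, [$superAfter], $admin),
    'after: editor, no policy defined'           => gateCheck([], null, [$superAfter], $editor),
];

foreach ($cases as $label => $allowed) {
    printf("%-46s %s\n", $label, $allowed ? 'allowed' : 'denied');
}
```

The second case is denied because the `false` from the before callback ends the check before the editor's policy runs. The third and fourth cases differ only in where the Super Admin check sits: in the before phase it overrides the deny rule, in the after phase the deny rule stands.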
