##Assigning Roles
A role can be assigned to any user:
$user->assignRole('writer');
$user->assignRole('writer', 'admin');
$user->assignRole(['writer', 'admin']);
A role can be removed from a user:
$user->removeRole('writer');
Roles can also be synced:
$user->syncRoles(['writer', 'admin']);
##Checking Roles
You can determine if a user has a certain role:
$user->hasRole('writer');
$user->hasRole(['editor', 'moderator']);
You can also determine if a user has any of a given list of roles:
$user->hasAnyRole(['writer', 'reader']);
$user->hasAnyRole('writer', 'reader');
You can also determine if a user has all of a given list of roles:
$user->hasAllRoles(Role::all());
You can also determine if a user has exactly all of a given list of roles:
$user->hasExactRoles(Role::all());
The assignRole
, hasRole
, hasAnyRole
, hasAllRoles
, hasExactRoles
and removeRole
functions can accept a
string, a \Spatie\Permission\Models\Role
object or an \Illuminate\Support\Collection
object.
##Assigning Permissions to Roles
A permission can be given to a role:
$role->givePermissionTo('edit articles');
You can determine if a role has a certain permission:
$role->hasPermissionTo('edit articles');
A permission can be revoked from a role:
$role->revokePermissionTo('edit articles');
Or revoke & add new permissions in one go:
$role->syncPermissions(['edit articles', 'delete articles']);
The givePermissionTo
and revokePermissionTo
functions can accept a
string or a Spatie\Permission\Models\Permission
object.
NOTE: Permissions are inherited from roles automatically.
##What Permissions Does A Role Have?
The permissions
property on any given role returns a collection with all the related permission objects. This collection can respond to usual Eloquent Collection operations, such as count, sort, etc.
$role->permissions;
$role->permissions->pluck('name');
count($role->permissions);
$role->permissions->count();
##Assigning Direct Permissions To A User
Additionally, individual permissions can be assigned to the user too.
For instance:
$role = Role::findByName('writer');
$role->givePermissionTo('edit articles');
$user->assignRole('writer');
$user->givePermissionTo('delete articles');
In the above example, a role is given permission to edit articles and this role is assigned to a user.
Now the user can edit articles and additionally delete articles. The permission of 'delete articles' is the user's direct permission because it is assigned directly to them.
When we call $user->hasDirectPermission('delete articles')
it returns true
,
but false
for $user->hasDirectPermission('edit articles')
.
This method is useful if one builds a form for setting permissions for roles and users in an application and wants to restrict or change inherited permissions of roles of the user, i.e. allowing to change only direct permissions of the user.
You can check if the user has a Specific or All or Any of a set of permissions directly assigned:
$user->hasDirectPermission('edit articles')
$user->hasAllDirectPermissions(['edit articles', 'delete articles']);
$user->hasAnyDirectPermission(['create articles', 'delete articles']);
By following the previous example, when we call $user->hasAllDirectPermissions(['edit articles', 'delete articles'])
it returns false
, because the user does not have edit articles
as a direct permission.
When we call
$user->hasAnyDirectPermission('edit articles')
, it returns true
because the user has one of the provided permissions.
You can examine all of these permissions:
$user->getDirectPermissions()
$user->getPermissionsViaRoles();
$user->getAllPermissions();
All these responses are collections of Spatie\Permission\Models\Permission
objects.
If we follow the previous example, the first response will be a collection with the delete article
permission and
the second will be a collection with the edit article
permission and the third will contain both.