How can it be done and how is it generally accepted to separate roles (privileges) when working with the API?
Hey!
There is Laravel and an API in it. Now I want to figure out how to do it, and most importantly, how it is customary on real projects to do the separation of roles (privileges) on the API. For example, a user can insert data only into tables that are created for him, and receive either data that is free for everyone or only his own for certain queries.
In general, the usual role-based model with different restrictions and different opportunities for everyone.
JWT authorization is used.
I would be very grateful if someone shares their experience :)
Look towards Laravel 1) Policies and 2) Gates; it is well described in the official documentation.
Have a look at spatie/laravel-permission. There is a very flexible demarcation of rights. You can use both single-level and complex schemes.
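The "public or own" read rule and "own only" write rule from the question, written as a Laravel Policy. This is an added example, not code from either answer; the `Record` model, its `user_id` and `is_public` columns, the `records()` relation and the `admin` role name are assumptions, and `hasRole()` assumes the spatie/laravel-permission `HasRoles` trait is on `User`.

```php
<?php
// Added example: app/Policies/RecordPolicy.php in a Laravel app.
// Record, user_id, is_public and the 'admin' role are hypothetical names.

namespace App\Policies;

use App\Models\Record;
use App\Models\User;

class RecordPolicy
{
    // Runs before every ability check. Returning null falls through to the
    // specific method; returning true short-circuits and allows.
    public function before(User $user, string $ability): ?bool
    {
        return $user->hasRole('admin') ? true : null;
    }

    // Read: public rows are open to any authenticated user, private rows to the owner.
    public function view(User $user, Record $record): bool
    {
        return $record->is_public || $record->user_id === $user->id;
    }

    // Insert: any authenticated user may create a row for themselves.
    public function create(User $user): bool
    {
        return true;
    }

    // Modify and delete: owner only, even when the row is public.
    public function update(User $user, Record $record): bool
    {
        return $record->user_id === $user->id;
    }

    public function delete(User $user, Record $record): bool
    {
        return $this->update($user, $record);
    }
}

// Usage in a controller action behind the JWT auth middleware:
//   Gate::authorize('view', $record);                  // 403 when the policy denies
//   $request->user()->records()->create($validated);   // owner comes from the token, not the request body
// Policies check one model at a time; list endpoints need the same rule in the query:
//   Record::where('is_public', true)->orWhere('user_id', $request->user()->id)->get();
```

Setting the owner from the authenticated user rather than from a client-supplied `user_id` is what keeps the `create` rule meaningful; otherwise a caller could insert rows on behalf of another account.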