MySQL
Meefril, 2021-09-05 17:05:22

How to properly implement authorization, checking for "roles"?

I would like to know how correct the implementation below is and what other options there are.
The database has roles and permissions tables and a third one, roles_permissions, as well as a users table with a role column.
On the front end (Vue), after authorization via login and password, an array with all the permissions of this user, based on their role, is put into the JWT payload.
When the user performs an action, the API on the back end gets their permissions, checks the signature of the token and, if successful, performs the requested action.

I would also like to know how to properly separate the front end for the user and the admin.
For example, in the personal account the user does not have a tab to go to the page for creating posts, but the admin does. How is it best to implement this?
What just came to mind:
v-show on this tab, which displays it if the user is an admin.


2 answer(s)
Alfieros, 2021-09-05
@Meefril

Laravel, Symfony? If you want it without hassle and scribbling, create a middleware in which:

// Role check in a middleware: note the strict comparison (===) against a
// string; the original "= admin" was an assignment to an undefined constant.
if (Auth::user()->role === 'admin') {
    return view('admin.index');
} else {
    // send non-admins back to the home page with an error message
    return redirect('/')->with('error-message', 'Goodbye');
}

You can also hang a middleware on the route (before the controller) for the link in question, where you check the permissions. You can also describe a permissions service and call it wherever needed, for example as @perm.

If it is plain PHP, then hang a check on the front end and write the conditions for the role's visible area on the back end:

<?php
// however the role is loaded for the current user
$user_role = $db->query->user->role;
if ($user_role === 'admin'):
?>
<!-- piece of the visible area shown only to admins -->
<?php endif; ?>
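The design from the question (roles, permissions and roles_permissions tables, a JWT carrying the user's permissions, and the API verifying the signature before acting) and the middleware check from the answer above, put together as an added example. This is not code from the question, the answer, or any framework; it is a self-contained Python sketch with a constructed in-memory SQLite schema, a hypothetical HMAC secret, and a hand-rolled HS256 token so it runs offline. Its point is that the v-show on the front end is purely cosmetic; the decision is made by `authorize()` on the back end from the verified token, never from UI state.

```python
import base64
import hashlib
import hmac
import json
import sqlite3
import time

# Constructed sample schema mirroring the question: roles, permissions,
# roles_permissions and users (with a role column). In-memory, so it runs offline.
SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE roles_permissions (
    role_id INTEGER NOT NULL REFERENCES roles(id),
    permission_id INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (role_id, permission_id));
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL,
                    role_id INTEGER NOT NULL REFERENCES roles(id));
INSERT INTO roles VALUES (1, 'user'), (2, 'admin');
INSERT INTO permissions VALUES (1, 'post.read'), (2, 'post.create'), (3, 'user.ban');
INSERT INTO roles_permissions VALUES (1, 1), (2, 1), (2, 2), (2, 3);
INSERT INTO users VALUES (10, 'alice', 1), (11, 'root', 2);
"""

# Assumption: a per-deployment server-side key; in practice load it from config.
SECRET = b"hypothetical-server-secret-do-not-ship"


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def permissions_for_user(db, user_id):
    """Resolve the user's permissions through users -> roles_permissions -> permissions."""
    rows = db.execute("""
        SELECT p.name FROM users u
        JOIN roles_permissions rp ON rp.role_id = u.role_id
        JOIN permissions p ON p.id = rp.permission_id
        WHERE u.id = ? ORDER BY p.name""", (user_id,)).fetchall()
    return [r[0] for r in rows]


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(db, user_id, ttl=900, now=None):
    """Login step: put the resolved permissions into the JWT payload and sign it (HS256)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "perms": permissions_for_user(db, user_id),
               "iat": now, "exp": now + ttl}
    signing_input = (_b64(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def verify_token(token, now=None):
    """Return the payload if the signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64(h))
        if header.get("alg") != "HS256":  # refuse "none" / algorithm confusion
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s)):  # constant-time compare
            return None
        payload = json.loads(_unb64(p))
    except (ValueError, TypeError):
        return None
    if payload.get("exp", 0) <= now:
        return None
    return payload


def authorize(token, required_perm, now=None):
    """Back-end gate (the middleware's job): decide from the verified token only."""
    payload = verify_token(token, now)
    return payload is not None and required_perm in payload.get("perms", [])


def ui_flags(payload):
    """What the Vue side may derive for v-show; cosmetic only, never a security boundary."""
    perms = set(payload.get("perms", []))
    return {"show_create_post_tab": "post.create" in perms}


if __name__ == "__main__":
    db = open_db()
    alice, root = issue_token(db, 10), issue_token(db, 11)
    print("alice may create post:", authorize(alice, "post.create"))
    print("root may create post:", authorize(root, "post.create"))
    print("root UI flags:", ui_flags(verify_token(root)))
```

Because the permissions are baked into the token, a role change only takes effect once the token expires, so keep the TTL short (the example uses 15 minutes) or re-read roles_permissions on sensitive actions. The tampering check in `verify_token` also shows why the front end cannot be trusted: a client can edit its own JWT payload, but not produce a valid signature for it.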
