The implementation of groups, roles and user permissions in laravel, is there a solution?

Good day!
Please tell me, googled, not found anything like ready.
It is necessary that the user was a group, then he can go on a certain route.
(Route allows only 1 group, in turn, the user may have membership in multiple groups)
Further, it is necessary that the user had a role which will define what is displayed on the page. Even that's enough.
The approximate scheme
User - id, name, password
1, Petya, qwe
2, Vasya, ewq
3, Kolya, qaz

Group - user_id, group_id, group_name(for clarity)
1, 1, Worker
1, 2, Warmir
2, 3, Security
3, 1, Worker

Roles - user_id, role_id, group_id, role_name (for clarity)
1, 1, 1, Admin
2, 2, 1, Moder
3, 3, 2, User
2, 1, 3, Admin

And it turns out that the user You can go on and on Warmir Worker, for the Worker it will be Admin, and Warmir he has no role

Complement:
Binding rights to the role is not needed:
User -> hasToMany(Role)
Role -> hasToMany(permission)
Or
User -> hasToMany(Group)
Group -> hasToMany(Role)
IT IS NECESSARY HERE SO:
User -> hasToMany(Group)
User ->hasToMany(Role)
Group -> hasToMany(Role)
March 23rd 20 at 18:54
4 answers
March 23rd 20 at 18:56
Solution
Ohh you have a regular ACL with roles, rights and other things. I usually buy this package https://github.com/spatie/laravel-permission
Started reading, thought not what I need there was that the role has rights and the user has the role.
Then just read below that the user can be right regardless of role and role regardless of the law, thought in exactly what I need!
But now I realize that I need another option.
The user has the role and few rights, but only for that role and if he has another role, he has other rights and obtained another user can be the same role as the first, but with other rights
Repelled from the terms proposed in the documentation - myrtle.Goodwin commented on March 23rd 20 at 18:59
@myrtle.Goodwin, began to read your comment... and did not understand. - magnolia10 commented on March 23rd 20 at 19:02
Maybe I don't see how I could take advantage of it.
For example User1 and User2 role Role1

And different rights for the User it turns out that the ranting and I write that out for the role, and then either in the controller or use the right blade, but then it turns out that if I need the role for another user matching with the rights of the first user user 1 will be able to go to Role2 and his rights zamitayutsya, and I just need to make it so role2.право1 role2.право2, role1.право1 - myrtle.Goodwin commented on March 23rd 20 at 19:05
@magnolia10, Saran, glyuknul, Paul message was added to the end, not noticed, are conductive to the computer will get corrected - myrtle.Goodwin commented on March 23rd 20 at 19:08
@magnolia10, bro, you're not alone. I read 10 times, still don't understand) - Jovan68 commented on March 23rd 20 at 19:11
@myrtle.Goodwin, the role and the right is a separate entity, you can combine them as you wish. USER1 = Права1,2,3
User 2, a Right 4,5,6, etc - and also with the roles, mix and match as you wish - gerry commented on March 23rd 20 at 19:14
@magnolia10, are in fact such that all options that have been proposed will only work if I create a bunch of role name which will prefix the role, but the ID will be different and nice to have the role as the prefix and then роль1. Право1 will mean the same thing as роль2.право1, (table point)

The final version will be
How many services, as many roles and rights are always the same

It would be easy if the user could have multiple roles

As well as services planned hundreds, the option prefix is very bad, the probability of error greatly increases - myrtle.Goodwin commented on March 23rd 20 at 19:17
@gerry, please read my next review, like I there tried to explain that in the end I want to, if we are talking about the same thing, then I probably do not understand anything at the end of the working day - myrtle.Goodwin commented on March 23rd 20 at 19:20
@myrtle.Goodwin, роль1право1 and роль2право1 are the same. The user receives access rights, not roles - Autumn_Willms commented on March 23rd 20 at 19:23
like so you should get
5cf54a92a7f58099478776.png - myrtle.Goodwin commented on March 23rd 20 at 19:26
@Autumn_Willms, here's what I'm trying to explain
we have 2 pages
there are 4 user
1, the user can view and edit 1 page and can only see 2 page
2, the user can see and edit 2 page and can only see 1 page
3, the user can view and edit both pages
4 can only watch these pages
Now the question is, how to organize it?
I hope now clearly explained
And I don't want to call right as: edit 2 page
To edit 1 page
Watch 1 page
See page 2 of the
And this must be in the group:
Group 1 has access to 1 page
Group 2 has access to page 2
And the user may edit either the first page or the second that marked him as the right in one group or another
Abstracts from the roles, rights and everything else, can be called a group, and the right and role, the essence of the goal will change
But the search query changes, so please send them to the right path, who will do what I have planned - myrtle.Goodwin commented on March 23rd 20 at 19:29
Found the best example which just give to understand what I mean and what I want to achieve!
Group VK
In one group I Admin, to another moderator, in the third User
it's my rights and they are normally all included 1 time for all groups, you're just being admin go to settings groups and assign rights, but these rights do not extend to other groups. Here's how to do it? I think the scheme will be the same that I need - myrtle.Goodwin commented on March 23rd 20 at 19:32
@myrtle.Goodwin, group 1 has access to 1 page using the right of access to this page. I don't use modules, but most likely listed in the answers module allows you to assign rights to the roles (groups) and users - Autumn_Willms commented on March 23rd 20 at 19:35
@myrtle.Goodwin, in the dock many examples - Autumn_Willms commented on March 23rd 20 at 19:38
@myrtle.Goodwin, As I understand it, you need to associate specific ranting and roles of a specific user with a specific role, right? For example:
Route /one/ readable User role edit the Admin role
- Route /two/ too readable User role edit the Admin role
- The user John has the role of the User to get /one/, but to get /two/ he may already have the Admin role
Do I understand correctly? If Yes, then you just need the mapping of ranting and roles for them for each user. Wise to gash the default User role which will cover basic rights for all the ranting, and the additional permission of MapIT only where necessary. - Jovan68 commented on March 23rd 20 at 19:41
@Jovan68in point, the only users I have 12000 and services of about 100, and therefore handles on each service to register not hunting, and besides we need the ability from the admin area, through the usual check boxes for example, to add or remove rights, and of the group accordingly, in this whole problem, but the mapping of the schA read
And yet forgotten 5 the user may not have access to the router /one/ a to the router /two/ please please browse - myrtle.Goodwin commented on March 23rd 20 at 19:44
@myrtle.Goodwin, Well, partially at least the pens will have to register, no options. And then see what can be done in the form of mass assignment. The point is to define the sets of roles and rights define the basic role/rights that will be applied to the vast majority of users and ranting/resources. Is it possible to assign EN masse programmatically. And then have to do mapping for specific users to lower or raise the role/permissions of each route/resource where they should be different from default. Thus each user will have the mapping, but it will not contain all the ranting/resources, and only those where are his rights different from the default. Who knows, maybe someone will offer a more efficient implementation. Very interesting to listen to. - Jovan68 commented on March 23rd 20 at 19:47
@Jovan68, my version of this
part as access router
right - consists of a prefix from the name of the role plus the right
in the end, give the admin role, and the right pulls on the mask in the field slug roll* well, and add the right user in the right title you can enter a static admin, moder, autor, etc., and slug is already prefixed, but in the end obscurantism in the table with the rights fenchem there, alas, does not smell((( - myrtle.Goodwin commented on March 23rd 20 at 19:50
@Jovan68, 5cf590a1eee81279041417.png
Well, something like this will already be the admin panel
blue singled out allegedly as the cursor is the edit
Group membership = access router and I know how to check it via ranting, there is no difficulty, but right here in each router the user your
If that picture is just a sketch)) - myrtle.Goodwin commented on March 23rd 20 at 19:53
@myrtle.Goodwin,
in the end, give the admin role, and the right pulls on the mask in the field slug roll* well, and add the right user in the right title you can enter a static admin, moder, autor, etc., and the slug will have a prefix,

Here you lost me... some kind of complication in the cube...

but in the end obscurantism in the table with the rights fenchem there, alas, does not smell(((

Well, with this approach, as above - is not surprising. I would have a table of rights did thin and long - id, user_id, resource_id is (or route), permissions (which are different from the default). With the right indexes on your volume will work fine. Experience - you can immediately obtain the rights of a particular user for a particular route/resource. Or generally when authorizing its ID (user_id) take all the rows with his user_id from the table and't cache in redis/memcached.

In General, I was not able to understand what you so difficult in the logic of the ACL. - Jovan68 commented on March 23rd 20 at 19:56
@Jovan68, that is not rules, do this morning, well choose the right, immediately clear how a service work, very well turned out)) I consider the matter closed, but still without a solution to the original question, 3 interlayers have all the same - myrtle.Goodwin commented on March 23rd 20 at 19:59
March 23rd 20 at 18:58
Then I do not understand, whether something is written here https://github.com/kodeine/laravel-acl/wiki/Permis...

First read where is described that it is possible to use the same roles, with different rights for each user, i.e. what I need, and then an example at the end that is not at all clear - myrtle.Goodwin commented on March 23rd 20 at 19:01
@myrtle.Goodwin, I don't know any libraries to implement ACL - a lot of them. Pick based on your specific tasks. - Jovan68 commented on March 23rd 20 at 19:04
@Jovan68, Found the best example which just give to understand what I mean and what I want to achieve!
Group VK
In one group I Admin, to another moderator, in the third User
it's my rights and they are normally all included 1 time for all groups, you're just being admin go to settings groups and assign rights, but these rights do not extend to other groups. Here's how to do it? I think the scheme will be the same that I need
Maybe there experience something similar? - myrtle.Goodwin commented on March 23rd 20 at 19:07
@myrtle.Goodwin, well, this is the ACL mechanism. I think you materiel and decided to skip straight to the action - code to write. Examine the question from a theoretical side, and everything will fall into place. - Jovan68 commented on March 23rd 20 at 19:10
@Jovan68, tell me what to read, what to look for - myrtle.Goodwin commented on March 23rd 20 at 19:13
@myrtle.Goodwin, well start here https://ru.wikipedia.org/wiki/ACL, to familiarize yourself with the concept, and then we'll know what to Google and where to dig. - Jovan68 commented on March 23rd 20 at 19:16
March 23rd 20 at 19:00
Luisi bouncer - like so.
Why the best do not remember, for I was determined about a year ago.
March 23rd 20 at 19:02

Find more questions by tags LaravelUser identificationAccess rights