F
Filament11mo ago
Meymink

Assign roles to a team rather than a user

Hello, i hope this is allowed here but im desperate for help as i've been struggling for days on this. This is my first project and the first time i'm using the spatie permissions package. I've read the documentation multiple times and i'm still confused and facing a problem. I am working on a project with the following structure: Teams (tenants) Team members Users Roles Permissions Subscriptions (Filament) panels: Admin panel (for devs & admins) App panel (can only be accessed through a 'public' team/tenant.) All users have a personal team (a private team/tenant). A personal team can only have roles and nothing more. So i assign the Global Admin role to one's personal team and that's how he can access the admin panel. In order to be able to use the app/software, one must be in a 'public' team so he or she can access the team resources and data in the app panel. So app data (example, a social media account) is always linked to a team so that the entire team can manage (the social media account) data. I have three types of roles: Global roles (such as Global admin, Global developer, Global moderator) Team member roles (Example, someone else besides the team owner should be able to invite and remove members) Subscription roles (Subscriptions are linked to a team rather than a user.) So basically the team should access certain features based on the package that the team has subscribed to. Up until now i was able to assign roles to team members and was able to verify whether a user has access to a permission for the team/tenant using setPermissionTeamId. But doing something like $team->can('use function') is impossible because the team cannot use 'can' it says. How can i assign roles to the entire team rather than one team member? I would love to use this package but is it possible within the structure im working on? Or are there better aproaches/structures for the same goal? Would love to get some advice on this.
13 Replies
Meymink
MeyminkOP11mo ago
Up! Would live to hear from someone who got experience with this!
awcodes
awcodes11mo ago
Permissions and roles have to be assigned to a user specifically. A “team” is not an authenticatable model. There’s no way to verify the authenticity of a “team” If a user is not part of a team they will get rejected by default, so then it’s just about whether or not that user can perform actions against the models that team has access to.
Meymink
MeyminkOP11mo ago
Ah that's sad! Do you have any suggestions for my goal? Like how i can assign permissions to the entire team rather than a team member.
awcodes
awcodes11mo ago
You can’t.
Meymink
MeyminkOP11mo ago
alright, so ill have to work on my own implementation
awcodes
awcodes11mo ago
There’s no way to authenticate as a “team” You could create roles based on the team and then give the users of that team the said role. But the authorization depends on the individual user, not the team.
Meymink
MeyminkOP11mo ago
Hmm that's a good one Im thinking of giving all users certain roles by default depending on the team subscrib Because users can have multiple roles within a team
awcodes
awcodes11mo ago
Yea. That might be the best way to do it.
Meymink
MeyminkOP11mo ago
Thank you very very much Awcodes!
awcodes
awcodes11mo ago
Hope you figure it out.
Meymink
MeyminkOP11mo ago
ty
awcodes
awcodes11mo ago
Roles and permissions is one of the most complicated things, throw in tenancy too and gets to be a mind bender.
Meymink
MeyminkOP11mo ago
Hahah i can tell! I've been struggling with this for days.
Want results from more Discord servers?
Add your server