Sign in Get started

This episode is for members only

Sign up to access "Laravel Teams" right now.

Already a member? Sign in to continue

Playing

13. Authorising current team updates

Episodes

0%

Your progress

Total: 4h 36m
Played: 0m
Remaining: 4h 36m

Join or sign in to track your progress

01. Introduction and demo

02. Setup with Pest

03. Building the user teams relations

04. Creating a personal team when registering

05. Leaving all teams when an account is deleted

06. Tracking the current team

07. Showing team details in the UI

08. Switching to another team

09. Authorising team switching

10. Updating a team name

11. Basic roles and permissions setup

12. Team roles and permissions middleware

13. Authorising current team updates

14. Testing team permissions through HTTP requests

15. Leaving a team

16. Displaying team members

17. Making team members look better

18. Removing a team member

19. Preventing self removal from a team

20. Storing invitations

21. Validating invitations

22. Authorising team invitation creation

23. Displaying invitations

24. Revoking invitations

25. Sending an invitation email

26. Accepting an invitation

27. Displaying a modal to change a member’s role

28. Updating a member’s role

29. More authorisation and checks for role changing

30. Fixing up the email sending test details

31. Fixing and validating email addresses for invites

32. Tidying up @can directive checks

33. Detaching roles when removing users

34. Adding an extra layer of protection to the team middleware

35. Getting related models through teams

36. Building a helper to access the current team

37. Getting all related models through all teams

38. Creating new teams

Transcript

00:00

We don't have many permissions set up as part of this team admin,

00:03

but we do have the one, which is whether we can update a team. What we can now do is apply that to what we have built earlier, where we can update our team's name. Let's take a look at how we do this and integrate this with a policy,

00:17

which is the recommended way to work with roles and permissions within Laravel. So remember, we created the team policy earlier with all of the checks in here. What we want to do is rather than litter the rest of our code with specific permissions checks from that package,

00:35

we want to do everything in one place. That means that we just have a single central point where we can check if a user has permission to do something. And we can either use this in blade templates,

00:46

or we can use this within our controllers. So we returned true here earlier, but really the last check of this is that the user can update a team. Now, what this will do is within the current context of the team

01:00

that we're trying to update, it will check if this permission exists on that role that we have as part of that team. So let's go over here and just say Alex's team,

01:11

hit save, and you can see that sure enough, that does update because we know that for a personal team, we are a team admin. Now, just really quickly, I'm going to fix this up because over on the team controller,

01:22

what we're not doing is returning back with that status that we're checking within our blade template. Not really the most important thing, but if we do this over on the edit team form,

01:34

this will then go ahead and check this, and it will show a saved value like that. Not the most important, but we'll add it in. Okay, so we know that we can update this team,

01:46

but what happens if we create our new team without any permissions or without any roles? Well, let's go over and create a new team once again. So we'll just create that code course team out,

01:55

and let's have a look. So let's assign us to that. Let's just check the ID, that's six. So let's assign that to there.

02:03

Let's go and switch over to that team. And now we're in this team. Now, if I hit save, we get a 403 because we don't have a role attached.

02:13

And even if we just did have a team member role attached, we still don't have permission to do this. So that's all working now because over in our team controller,

02:24

we have a team update request, which is using update, which we remember is over on our team policies. So it's now also checking our permissions as well as whether we're actually in that team.

02:37

So now that we've done this, we are good to go. We can't update this team information, but we also want to make sure that we don't show this because if we don't have permission,

02:46

there's no point in even showing this team information. And you could do things like get rid of the save button or blank this out, whatever you want to do, but I'm just going to get rid of this entire thing.

02:57

Okay, let's go over and do that within Blade now because we've got a policy, this makes it incredibly easy. So over in our edit team form, what we can now do, or actually it's probably better to do this directly

03:09

within the team edit. We can just get rid of this entire thing. So let's go and just wrap this in a Blade can and we'll say update,

03:22

and you can even create out a new permission for edit specifically to see an edit value, but we'll just leave it as it is for now. And we'll end the can there, pull that in,

03:32

and that means we don't see that at all. But when we switch over to our team, that middleware kicks in and it allows us to see and of course, update that information.

38 episodes•4 hrs 36 mins•5 months ago

Overview

Need team functionality in your Laravel application? Let’s build it from scratch.

We’ll cover the basics of creating teams, switching between them, sending secure team invites by email, and managing team members.

Powering everything will be roles and permissions for each member, with the ability to switch roles directly from your team dashboard.

Once you’re done, you’ll have mastered team functionality in Laravel.

Alex Garrett-Smith

Alex Garrett-Smith

Hey, I'm the founder of Codecourse!

Episode discussion

No comments, yet. Be the first!