32. Tidying up @can directive checks

Episodes

01. Introduction and demo (4m 49s)
02. Setup with Pest (4m 2s)
03. Building the user teams relations (6m 5s)
04. Creating a personal team when registering (6m 3s)
05. Leaving all teams when an account is deleted (3m 55s)
06. Tracking the current team (4m 50s)
07. Showing team details in the UI (2m 55s)
08. Switching to another team (7m 24s)
09. Authorising team switching (6m 53s)
10. Updating a team name (10m 48s)
11. Basic roles and permissions setup (5m 26s)
12. Team roles and permissions middleware (9m 18s)
13. Authorising current team updates (3m 43s)
14. Testing team permissions through HTTP requests (3m 58s)
15. Leaving a team (10m 50s)
16. Displaying team members (8m 42s)
17. Making team members look better (5m 3s)
18. Removing a team member (15m 18s)
19. Preventing self removal from a team (4m 7s)
20. Storing invitations (13m 31s)
21. Validating invitations (6m 38s)
22. Authorising team invitation creation (6m 22s)
23. Displaying invitations (3m 16s)
24. Revoking invitations (12m 46s)
25. Sending an invitation email (13m 6s)
26. Accepting an invitation (12m 22s)
27. Displaying a modal to change a member’s role (10m 31s)
28. Updating a member’s role (9m 5s)
29. More authorisation and checks for role changing (10m 14s)
30. Fixing up the email sending test details (49s)
31. Fixing and validating email addresses for invites (1m 32s)
32. Tidying up @can directive checks (3m 25s)
33. Detaching roles when removing users (5m)
34. Adding an extra layer of protection to the team middleware (6m 35s)
35. Getting related models through teams (5m 37s)
36. Building a helper to access the current team (10m 47s)
37. Getting all related models through all teams (7m 15s)
38. Creating new teams (13m 7s)

Transcript

00:00
Something else that we need to be careful with, particularly when we're dealing with roles and permissions,
00:04
is wherever we're using the can directive within our Blade templates, we want to make sure we're referencing the policy. Remember, the policy is the single source of truth
00:14
as to whether something can happen or not. So we don't want to reference individual permissions anywhere in our app. We want to keep these directly within the policy.
00:24
Just a refresher, if we go over to any of our policies, we know that we're using the permissions directly within here, but we're basing some other checks around this as well,
00:33
just in case. Now, what we've actually done throughout this system is if we just search for can, some places I've gone ahead and used
00:42
the permission directly, and that's not what we want to do. So let's go ahead and just change some of these around. So we've got this first one, can invite to team.
00:51
If we head over to Mabel's account, we know that she is just a team member, so she shouldn't be able to invite to a team. So we can just use the UI to make sure
00:59
that this is all good. Okay, if we go back over to our team policy, let's search for that invite to team. And yeah, that's just invite to team.
01:08
So let's go back over and we will update this here. And let's go ahead and look for that elsewhere to see if we've used it and just here as well on the team members for the other part of this.
01:19
So let's say invite to team. Now we know that as part of this, we need to pass in the user and the team or just the team. So let's go ahead and pass the team into here
01:26
and let's look for invite to team here and make sure we pass that team in as well. Okay, so if we head over to the UI, we shouldn't see any difference here
01:34
because we're pretty much doing the same thing in the policy, but now we've switched that over. It's a little bit more reliable. When we add anything to the policy, this should now work.
01:42
You can see this works for Alex's account as well. Now we also have, if we just have a look under can, we've got the view team member section. So if we open up our team policy and we have a look here,
01:56
we don't actually have a view team members method. So in this case, what we would do is just go ahead and create one out anyway. So view team members,
02:07
even though we're just going to check the permission in here, it's good practice to do this anyway. So let's go ahead and pass in the user. Now we don't need the team in here,
02:17
but if we had any other checks around the specific team that we could view, then we could use that. Remember that the permissions checks are always in the context of that ID
02:27
for the team that's been set in the middleware. So in here, all we really need to do is just say user can, and let's just remind ourselves of that view team members. So let's say view team members,
02:40
and we can just switch this over now. So we can take the view team members just here, and we can go ahead and pop that directly over to here. And pass that team directly over.
02:53
So we know that everyone can view team members, but we don't see much difference here. Of course, if this user didn't have a role or they didn't have the correct permission,
03:01
we wouldn't see it. But now we've successfully switched over all of the cans to use the method specifically inside of our policy. And we're not directly checking permissions.
03:14
And this is going to help us going forward because it means any updates we make to our policy will be reflected in both form submissions and within our templates as well.

38 episodes, 4 hrs 36 mins

Overview

Need team functionality in your Laravel application? Let’s build it from scratch.

We’ll cover the basics of creating teams, switching between them, sending secure team invites by email, and managing team members.

Powering everything will be roles and permissions for each member, with the ability to switch roles directly from your team dashboard.

Once you’re done, you’ll have mastered team functionality in Laravel.

Alex Garrett-Smith
Hey, I'm the founder of Codecourse!
