Courses

Roles and Permissions in Laravel 11

Patient Registration: Choose Team/Clinic

Summary of this lesson:
- Implementing user listing with role filtering
- Creating role-based user creation system
- Setting up user management policies
- Writing tests for user management features

When a user tries to register as a Patient, they can choose a team/clinic.

But we don't want users to register for the Master Team.

app/Http/Controllers/Auth/RegisteredUserController.php:

use App\Models\Team;
use Illuminate\View\View;
 
class RegisteredUserController extends Controller
{
public function create(): View
{
$teams = Team::where('name', '!=', 'Master Admin Team')->pluck('name', 'id');
 
return view('auth.register', compact('teams'));
}
 
// ...
}

resources/views/auth/register.blade.php:

// ...
 
<!-- Email Address -->
<div class="mt-4">
<x-input-label for="email" :value="__('Email')" />
<x-text-input id="email" class="block mt-1 w-full" type="email" name="email" :value="old('email')" required autocomplete="username" />
<x-input-error :messages="$errors->get('email')" class="mt-2" />
</div>
 
<!-- Team/Clinic -->
<div class="mt-4">
<x-input-label for="team_id" :value="__('Team')" />
<select name="team_id" id="team_id" class="block mt-1 w-full border-gray-300 focus:border-indigo-500 focus:ring-indigo-500 rounded-md shadow-sm">
<option>-- SELECT TEAM --</option>
@foreach($teams as $id => $name)
<option value="{{ $id }}">{{ $name }}</option>
@endforeach
</select>
<x-input-error :messages="$errors->get('team_id')" class="mt-2" />
</div>
 
<!-- Password -->
<div class="mt-4">
<x-input-label for="password" :value="__('Password')" />
 
<x-text-input id="password" class="block mt-1 w-full"
type="password"
name="password"
required autocomplete="new-password" />
 
<x-input-error :messages="$errors->get('password')" class="mt-2" />
</div>
 
// ...

When a user is created, we must set the current_team_id, then set the team ID using the setPermissionsTeamId() helper from the Spatie package, and assign a role.

app/Http/Controllers/Auth/RegisteredUserController.php:

use App\Enums\Role;
use App\Models\Team;
use Illuminate\Support\Facades\DB;
use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules;
use Illuminate\View\View;
 
class RegisteredUserController extends Controller
{
// ...
public function store(Request $request): RedirectResponse
{
$request->validate([
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class],
'password' => ['required', 'confirmed', Rules\Password::defaults()],
'team_id' => ['required', 'exists:teams,id'],
]);
 
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($request->password),
'current_team_id' => $request->team_id,
]);
 
event(new Registered($user));
 
Auth::login($user);
 
setPermissionsTeamId($request->team_id);
 
$user->assignRole(Role::Patient);
 
return redirect(route('dashboard', absolute: false));
}
}

When using teams with the Spatie package, they recommend using the Middleware to...

The full lesson is only for Premium Members.
Want to access all 13 lessons of this course? (96 min read)

You also get:

  • 69 courses (majority in latest Laravel 11)
  • Premium tutorials
  • Access to repositories
  • Private Discord