Courses

[NEW] Roles and Permissions in Laravel 11

When a user tries to register as a Patient, they can choose a team/clinic.

But we don't want users to register for the Master Team.

app/Http/Controllers/Auth/RegisteredUserController.php:

use App\Models\Team;
use Illuminate\View\View;
 
class RegisteredUserController extends Controller
{
    public function create(): View
    {
        $teams = Team::where('name', '!=', 'Master Admin Team')->pluck('name', 'id');
 
        return view('auth.register', compact('teams'));
    }
 
    // ...
}

resources/views/auth/register.blade.php:

// ...
 
<!-- Email Address -->
<div class="mt-4">
    <x-input-label for="email" :value="__('Email')" />
    <x-text-input id="email" class="block mt-1 w-full" type="email" name="email" :value="old('email')" required autocomplete="username" />
    <x-input-error :messages="$errors->get('email')" class="mt-2" />
</div>
 
<!-- Team/Clinic -->
<div class="mt-4"> 
    <x-input-label for="team_id" :value="__('Team')" />
    <select name="team_id" id="team_id" class="block mt-1 w-full border-gray-300 focus:border-indigo-500 focus:ring-indigo-500 rounded-md shadow-sm">
        <option>-- SELECT TEAM --</option>
        @foreach($teams as $id => $name)
            <option value="{{ $id }}">{{ $name }}</option>
        @endforeach
    </select>
    <x-input-error :messages="$errors->get('team_id')" class="mt-2" />
</div> 
 
<!-- Password -->
<div class="mt-4">
    <x-input-label for="password" :value="__('Password')" />
 
    <x-text-input id="password" class="block mt-1 w-full"
                    type="password"
                    name="password"
                    required autocomplete="new-password" />
 
    <x-input-error :messages="$errors->get('password')" class="mt-2" />
</div>
 
// ...

When a user is created, we must set the current_team_id, then set the team ID using the setPermissionsTeamId() helper from the Spatie package, and assign a role.

app/Http/Controllers/Auth/RegisteredUserController.php:

use App\Enums\Role;
use App\Models\Team;
use Illuminate\Support\Facades\DB;
use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules;
use Illuminate\View\View;
 
class RegisteredUserController extends Controller
{
    // ...
    public function store(Request $request): RedirectResponse
    {
        $request->validate([
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class],
            'password' => ['required', 'confirmed', Rules\Password::defaults()],
            'team_id' => ['required', 'exists:teams,id'],
        ]);
 
        $user = User::create([
            'name'     => $request->name,
            'email'    => $request->email,
            'password' => Hash::make($request->password),
            'current_team_id' => $request->team_id,
        ]);
 
        event(new Registered($user));
 
        Auth::login($user);
 
        setPermissionsTeamId($request->team_id);
 
        $user->assignRole(Role::Patient);
 
        return redirect(route('dashboard', absolute: false));
    }
}

When using teams with the Spatie package, they recommend using the Middleware to...

This lesson is only for Premium Members.
Want to access all lessons of this course?

You also get:

  • 64 courses (1141 lessons, 42 h 01 min total)
  • Premium tutorials
  • Access to repositories
  • Private Discord