Role Management

​

Overview

• Spatie\Permission\Models\Role
• Spatie\Permission\Models\Permission

​

Key Features

​

Spatie Laravel Permission

• Role-based access control (RBAC)
• Direct permission assignment to users
• Middleware for route protection
• Blade directives for view-level checks
• Cache optimization for permission queries

​

Data Structure

​

Role Model

• id: Primary key
• name: Unique role name
• guard_name: Authentication guard (default: ‘sanctum’)
• created_at: Timestamp
• updated_at: Timestamp

​

Permission Model

• id: Primary key
• name: Unique permission name
• guard_name: Authentication guard
• created_at: Timestamp
• updated_at: Timestamp

​

Role-Permission Relationship

• permission_id: Foreign key to permissions
• role_id: Foreign key to roles

​

Permissions

• role.index: View roles list and manage roles
• role.create: Create new roles
• role.update: Edit existing roles
• role.destroy: Delete roles

​

API Endpoints

​

List Roles

GET /roles

• roles: Collection of roles with eager-loaded permissions
• permissions: Collection of all available permissions

{
  "roles": [
    {
      "id": 1,
      "name": "Asesor",
      "guard_name": "sanctum",
      "permissions": [
        {"id": 1, "name": "rutas-tecnicas.ver"},
        {"id": 2, "name": "rutas-tecnicas.crear"}
      ]
    }
  ],
  "permissions": [
    {"id": 1, "name": "rutas-tecnicas.ver"},
    {"id": 2, "name": "rutas-tecnicas.crear"},
    {"id": 3, "name": "user.index"}
  ]
}

​

Create Role

POST /roles

{
  "name": "Asesor",
  "permissions": [1, 2, 5, 7]
}

1. Create new role with provided name
2. Sync permissions (adds new, removes unspecified)
3. Commit transaction
4. Return updated roles list

​

Update Role

PUT /roles/{id}

{
  "name": "Asesor Senior",
  "permissions": [1, 2, 3, 5, 7, 9]
}

1. Find role by ID
2. Update role name
3. Sync permissions (using syncPermissions() method)
4. Commit transaction
5. Return updated roles list

​

Delete Role

DELETE /roles/{id}

1. Delete role by ID
2. Cascade removes permission associations
3. Commit transaction
4. Return remaining roles

​

Permission Naming Convention

{module}.{action}

​

Examples

• user.index - View users list
• user.create - Create new users
• user.update - Edit users
• user.destroy - Delete users
• user.show - View user details

• role.index - View roles
• role.create - Create roles
• role.update - Edit roles
• role.destroy - Delete roles

• report.create - Create reports
• report.edit - Edit reports
• report.destroy - Delete reports
• report.filter.index - View filters
• report.filter.create - Create filters

• ver-lista-precios - View price lists

• rutas-tecnicas.ver - View routes
• rutas-tecnicas.crear - Create routes
• rutas-tecnicas.editar - Edit routes
• rutas-tecnicas.eliminar - Delete routes
• rutas-tecnicas.ver-todos - View all routes (supervisor)

• super-admin - Full system access
• update-reports - Update user report assignments
• update-filters - Update user report filters
• set-default - Set dashboard defaults
• import-report - Import Power BI reports

​

Common Roles

​

Super Admin

​

Gerencia (Management)

• All user management
• All report management
• View all technical routes
• Role and permission management

​

AsistenteVentas (Sales Assistant)

• View/create/edit technical routes
• View all routes
• Report viewing
• User management (limited)

​

Asesor (Advisor)

• Create/view/edit own technical routes
• View price lists
• View assigned reports

​

Tecnico (Technician)

• View technical routes assigned to them
• View price lists
• Limited report access

​

Vendedor (Salesperson)

• View price lists
• View assigned reports
• Create design requests

​

Permission Checks in Code

​

Controller Level

Route::get('/users', [UserController::class, 'index'])
    ->middleware('role_or_permission:super-admin|user.index');

​

User Model

// Check single permission
if ($user->can('user.create')) {
    // Allow action
}

// Check role
if ($user->hasRole('super-admin')) {
    // Allow action
}

// Check any permission
if ($user->hasAnyPermission(['user.create', 'user.update'])) {
    // Allow action
}

​

Blade Views

@can('user.create')
    <button>Create User</button>
@endcan

@role('super-admin')
    <a href="/admin">Admin Panel</a>
@endrole

​

Vue Components

if (props.user.permission_names.includes('user.create')) {
    // Show create button
}

if (props.user.role_names.includes('super-admin')) {
    // Show admin features
}

​

Transaction Safety

DB::beginTransaction();
try {
    // Create/Update/Delete operations
    DB::commit();
    return response()->json($roles, 200);
} catch (\Exception $e) {
    DB::rollBack();
    return response()->json($e->getMessage(), 500);
}

• Ensures data consistency
• Prevents partial updates
• Automatically rolls back on errors

​

User Interface

​

Roles Table

• Columns: Role Name, Permission Count, Actions
• Actions: Edit, Delete
• Create Button: Opens modal for new role

​

Role Form (Create/Edit)

• Role Name: Text input (required, unique)
• Permissions: Multi-select checkbox list
• Save Button: Submits form
• Cancel Button: Closes modal

​

Permission List

• User Management
• Role Management
• Report Management
• Technical Routes
• Design Requests
• Price Lists
• Special Permissions

​

Cache Considerations

​

Clear Cache After Changes

use Spatie\Permission\PermissionRegistrar;

app()->make(PermissionRegistrar::class)->forgetCachedPermissions();

​

Cache Keys

• User permissions
• User roles
• Role permissions

​

Seeding Permissions

// database/seeders/PermissionSeeder.php
use Spatie\Permission\Models\Permission;

Permission::create(['name' => 'user.index']);
Permission::create(['name' => 'user.create']);
Permission::create(['name' => 'user.update']);
Permission::create(['name' => 'user.destroy']);
// ... more permissions

​

Usage Workflow

​

Best Practices

​

Related Modules