Controllers separation of concerns in laravel
I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.
I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?
suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?
- Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.
- Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.
In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?
php laravel controller backend crud
add a comment |
I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.
I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?
suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?
- Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.
- Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.
In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?
php laravel controller backend crud
I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.
– miken32
Nov 20 '18 at 2:15
Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.
– MistaOS
Nov 20 '18 at 2:21
Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization
– newUserName02
Nov 20 '18 at 2:59
add a comment |
I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.
I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?
suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?
- Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.
- Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.
In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?
php laravel controller backend crud
I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.
I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?
suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?
- Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.
- Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.
In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?
php laravel controller backend crud
php laravel controller backend crud
asked Nov 20 '18 at 1:42
MistaOSMistaOS
327
327
I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.
– miken32
Nov 20 '18 at 2:15
Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.
– MistaOS
Nov 20 '18 at 2:21
Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization
– newUserName02
Nov 20 '18 at 2:59
add a comment |
I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.
– miken32
Nov 20 '18 at 2:15
Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.
– MistaOS
Nov 20 '18 at 2:21
Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization
– newUserName02
Nov 20 '18 at 2:59
I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.
– miken32
Nov 20 '18 at 2:15
I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.
– miken32
Nov 20 '18 at 2:15
Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.
– MistaOS
Nov 20 '18 at 2:21
Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.
– MistaOS
Nov 20 '18 at 2:21
Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization
– newUserName02
Nov 20 '18 at 2:59
Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization
– newUserName02
Nov 20 '18 at 2:59
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53385066%2fcontrollers-separation-of-concerns-in-laravel%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53385066%2fcontrollers-separation-of-concerns-in-laravel%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.
– miken32
Nov 20 '18 at 2:15
Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.
– MistaOS
Nov 20 '18 at 2:21
Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization
– newUserName02
Nov 20 '18 at 2:59