Controllers separation of concerns in laravel












0















I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.



I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?



suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?




  • Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.

  • Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.


In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?










share|improve this question























  • I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.

    – miken32
    Nov 20 '18 at 2:15











  • Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.

    – MistaOS
    Nov 20 '18 at 2:21













  • Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization

    – newUserName02
    Nov 20 '18 at 2:59


















0















I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.



I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?



suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?




  • Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.

  • Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.


In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?










share|improve this question























  • I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.

    – miken32
    Nov 20 '18 at 2:15











  • Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.

    – MistaOS
    Nov 20 '18 at 2:21













  • Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization

    – newUserName02
    Nov 20 '18 at 2:59
















0












0








0








I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.



I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?



suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?




  • Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.

  • Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.


In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?










share|improve this question














I have been working on a project using php with laravel for a week now, I just want to make sure I am following the best practices.



I really like the idea of Resource controllers and CRUD, they make sense and I chose to follow this approach. However, should I be using them on a model where different users have different access rights on it?



suppose I have different types of users (user, admin, agent) that have different access rights on the same models. Which of the following approaches is more appropriate for this case?




  • Create a normal controller for each user type along with its middleware that authorizes the access to this controller. Then add a route to that controller with that middleware.

  • Create a resource controller for each resource (model), create a route group for each user type containing all routes for this user type from the defined controllers along with a middleware for this route group.


In other words, where both of the following are possible, should controllers definition be based on user type or resources themselves?







php laravel controller backend crud






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 20 '18 at 1:42









MistaOSMistaOS

327




327













  • I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.

    – miken32
    Nov 20 '18 at 2:15











  • Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.

    – MistaOS
    Nov 20 '18 at 2:21













  • Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization

    – newUserName02
    Nov 20 '18 at 2:59





















  • I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.

    – miken32
    Nov 20 '18 at 2:15











  • Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.

    – MistaOS
    Nov 20 '18 at 2:21













  • Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization

    – newUserName02
    Nov 20 '18 at 2:59



















I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.

– miken32
Nov 20 '18 at 2:15





I just use the same controller and methods for everyone, then check access rights in the method and respond accordingly. But, this is not a good question for SO, too broad and opinion-based.

– miken32
Nov 20 '18 at 2:15













Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.

– MistaOS
Nov 20 '18 at 2:21







Shouldn't access rights be verified in a middleware as a better practice?, It was meant to be like a discussion so we can compare approaches, we might end up with a better approach than ours.

– MistaOS
Nov 20 '18 at 2:21















Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization

– newUserName02
Nov 20 '18 at 2:59







Isn't this what policies are for? You don't have to check whether the user has access to the entire controller, just check if they can access that particular action: laravel.com/docs/5.7/authorization

– newUserName02
Nov 20 '18 at 2:59














0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53385066%2fcontrollers-separation-of-concerns-in-laravel%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53385066%2fcontrollers-separation-of-concerns-in-laravel%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Guess what letter conforming each word

Port of Spain

Run scheduled task as local user group (not BUILTIN)