Comments:
I believe the admin can do cache forget on every update of permissions

1. If we do 2 DB queries on each request to just check roles and permissions, I think it will be a performance issue. And I realize their query is a bit slow compared to my business logic query. What's your POV on this, sir?
2. We can use a cache and sync the cache programmatically with the DB.
3. How often do you use this in your production-grade application?
Thanks sir.
I am working on the question of how to implement permissions and WorkOS.
My current thoughts are: I have permissions from WorkOS JWT, and then I need to write Middleware that will parse them from JWT and add to User model.
Then I need to check permissions and I have 2 options:
1. Sync permissions in spatie permissions with WorkOS through API
2. Don't use spatie permissions and create gates manually
Feel like you showed an example of policies as gates, which is kinda wrong IMO, gates should only have unique one off policies. And the PostPolicy class you have could be dumbed down to check if a user has a role model attached or a dynamic "permission".
I think the package is useful to set up everything fast, but then you lose the ownership. I use as few packages as possible because I like to own the code.
Also, the package is a bit too complicated for most use cases, most of the time you really only need to check roles against users.
Great video! I would like to see more videos about the use cases for Laravel and Filament features and other popular packages. There are many features that seem to target specific use cases, but they aren't always clearly reflected in the documentation.

Thank you

What's your approach on handling dynamic scoped roles?
Let's assume you have a company model and each company has an owner and multiple employees, where the owner can create new private roles for his company, and assign his employees with his custom roles. So the issue here is how to avoid the conflict of having 2 companies creating the same roles, like 2 companies naming a role "Post Manager".
We usually handle it with a company specific prefix to the name of the role, but I would like to know your approach.
And what I've got from the video is adding a global scope to the employee model would be helpful.
For simple permission requirements you could save them in the database as a bigint and use each bit for a different permission. Save the name in an enum e.g. CAN_EDIT_ALL_POSTS = 4096. Then you can check for permissions with a simple bitwise and (&) operation. @if(Auth::user()->permissions & Permission::CAN_EDIT_ALL_POSTS->value)
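
Added example, not part of the comment above or of the video: the bitmask scheme from that comment in PHP, showing where a truthy `&` test goes wrong once more than one permission is required. Only CAN_EDIT_ALL_POSTS = 4096 is from the comment; the other enum cases and all helper functions are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical permission set; only CAN_EDIT_ALL_POSTS = 4096 is from the comment.
// Each case must be a distinct power of two. PHP ints and signed BIGINT columns
// are 64-bit signed, so keep to bits 0..62 and leave the sign bit alone.
enum Permission: int
{
    case CAN_VIEW_POSTS     = 1;
    case CAN_DELETE_POSTS   = 2;
    case CAN_EDIT_ALL_POSTS = 4096;
}

/** OR several permissions into one integer mask. */
function mask(Permission ...$perms): int
{
    return array_reduce($perms, fn (int $m, Permission $p): int => $m | $p->value, 0);
}

/** True only if every required bit is present in $granted. */
function hasAll(int $granted, Permission ...$required): bool
{
    $need = mask(...$required);
    return ($granted & $need) === $need;
}

/** True if at least one candidate bit is present in $granted. */
function hasAny(int $granted, Permission ...$candidates): bool
{
    return ($granted & mask(...$candidates)) !== 0;
}

function grant(int $granted, Permission $p): int  { return $granted | $p->value; }
function revoke(int $granted, Permission $p): int { return $granted & ~$p->value; }

// Constructed sample user: may view and edit, may NOT delete.
$user = mask(Permission::CAN_VIEW_POSTS, Permission::CAN_EDIT_ALL_POSTS);
$need = mask(Permission::CAN_EDIT_ALL_POSTS, Permission::CAN_DELETE_POSTS);

// A truthy "$user & $need" test is satisfied by any overlapping bit, so for a
// combined mask it behaves like hasAny(), not like hasAll().
var_dump((bool) ($user & $need));
var_dump(hasAll($user, Permission::CAN_EDIT_ALL_POSTS, Permission::CAN_DELETE_POSTS));
var_dump(hasAny($user, Permission::CAN_EDIT_ALL_POSTS, Permission::CAN_DELETE_POSTS));

// Revoking clears exactly one bit and leaves the others untouched.
$user = revoke($user, Permission::CAN_EDIT_ALL_POSTS);
var_dump(hasAll($user, Permission::CAN_EDIT_ALL_POSTS));
var_dump(hasAll($user, Permission::CAN_VIEW_POSTS));
```

The single-permission check in the comment is safe as written; the partial-match problem only appears when the right-hand side of `&` has more than one bit set.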

Exhaustingly!
Best sensei!
I use spatie permissions too and also noticed the database queries each time, I'll check if - as you say - the queries are only user related, good idea, thanks

Spatie is great and I have also extended it to manage permission scopes. Some permissions don't have a scope assignment too. This way we can create a comprehensive permission matrix. Only downside is Spatie doesn't have a method to cache role permission scopes. It only caches the role and permission level.
Eg:
Role : Content Creator 1 -> Permission : create_post -> Scope : Technology Category Posts
Role : Content Creator 2 -> Permission : create_post -> Scope : Automotive Category Posts
Role : Content Reviewer -> Permission : review_post -> Scope : Technology Category Posts & Automotive Category Posts
Role : Content Publisher -> Permission : publish_post (Can publish all posts without a scope)