I'm creating a system in which there are users have user roles. The user roles also contain permissions. Some fields are protected, so that they cannot be overwritten without the user possessing a specific permission.
For example, a user may have the attribute "email" which cannot be changed by the user, unless the user has the permission "update-email-address".
I originally intended to implement this concept as a trait or an abstract class, but I can't figure a way of doing this which doesn't involve either overloading the Eloquent Model constructor method, or else completely overloading another method.
What I'm hoping to do, is to be able to specify an array in a model like below, and by using a tract or extention, somehow prevent updating a model attribute:
/** * The attributes that should only be updatable by given user with the * specified permission * */ public $update_only_by_permission = [ 'email' => ['update-email-address'], ];
Is there a way to achieve this?
via kirgy
