Monday, April 3, 2017

Row based Access control for Laravel Results

I'd like to set up a row based access control on my Laravel application (currently 5.2, waiting for 5.5 LTS). This could be done in the controller, but I was wondering if there is a way to do it a bit deeper in the framework.

Let's say there are these models:

P - project
U - user (assigned to many projects)
D - Device (assigned to one project)
F - FAQ document (assigned to one project)

The currently logged in user should only see those devices and FAQ documents that belong to their projects.

My current attempt is to do this in the controller. Get the current user, check for a generic "access all project" permission and - if not present - join the project for the asked model to limit the result. This has to be replicated on all queries that are running for this model and I am feeling that this kind of redundancy is not perfect.

Is there a way to create something like an interface trait with a method withAccess() that forces those models (Device and FAQ Document in my example) to implement this method and do the query once on the model definition?



via McGo
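
One way to put the check on the model, as an added example that is not part of the original post: an Eloquent trait whose local scope `withAccess()` limits rows to the current user's projects and fails closed when nobody is logged in. The trait name, the `project()` and `users()` relation names, the `users` table name and the `access-all-projects` ability are assumptions.

```php
<?php

namespace App;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Auth;

trait RestrictedToUserProjects
{
    // Every model using the trait must define its owning project (belongsTo).
    abstract public function project();

    // Local scope, called as Device::withAccess()->get().
    public function scopeWithAccess(Builder $query, $user = null)
    {
        $user = $user ?: Auth::user();

        // Fail closed: without an authenticated user the query matches no rows.
        if ($user === null) {
            return $query->whereRaw('1 = 0');
        }

        // Assumed ability name; it has to be registered with Gate::define().
        if ($user->can('access-all-projects')) {
            return $query;
        }

        // Keep only rows whose project has this user assigned.
        // Assumes Project::users() is a belongsToMany on a "users" table.
        return $query->whereHas('project', function ($project) use ($user) {
            $project->whereHas('users', function ($users) use ($user) {
                $users->where('users.id', $user->getKey());
            });
        });
    }
}

class Device extends Model
{
    use RestrictedToUserProjects;

    public function project()
    {
        return $this->belongsTo(Project::class);
    }
}
```

A local scope only protects queries that call `withAccess()`; registering the same constraint as an Eloquent global scope applies it to every query on the model by default.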
