7

Are there some naming guidelines I should be following when it comes to naming permissions? Right now, everything I find is just along the lines of "Add Foo", "Edit Foo", "Delete Foo", "Add FooBar", "Edit FooBar", "Delete FooBar", and so forth and so forth.

Keeping in mind that there is no grouping (which is a real pity), and when you have a management screen for all said permissions - the above approach seems quite sloppy.

All your "adds" are together, "edits" are together, etc. eg:

 - Add Foo
 - Add FooBar
 - Add FooBarBez
 - Edit Foo
 - Edit FooBar
 - Edit FooBarBez
 - Delete Foo
 - Delete FooBar
 - Delete FooBarBez

Right now I'm leaning towards something along the lines of what route names look like, for example:

 - foo.add
 - foo.edit
 - foo.delete
 - foobar.add
 - foobar.edit
 - foobar.delete
 - foobarbez.add
 - foobarbez.edit
 - foobarbez.delete

It's more organised in terms of keeping all the 'parent' permissions together (ie: all Foo's together, all FooBar's together, etc). Of course, if there are actual guidelines for this, please do let me know or if you have other valuable input / suggestions?

//Edit Update for Clarity

Specifically,

 - __Are__ any naming conventions?
 - Are there any preferences in terms of use of singular/plural when it comes to parents (eg: "User Create", "Users Create")
 - If parents and action should be separated with a space, a dot, something else? (eg: "users.create"; "users create"; "users->create")
 - What about nested resources (Parent.Child)? eg: "users.banking_details.create"
 - Capitalisation? Lowercase? Camel Case?

As mentioned previously, leaning towards Laravel named routes as the guideline so would be: plural, lowercase, separated by dots, including full path (parent+child relationship). Just because that's what I'm leaning towards, doesn't mean it's right though, hence me asking for input from the community :)

1
  • Mind sharing what you eventually used? I'm now facing the same question, thanks. Commented Dec 8, 2024 at 0:54

4 Answers

5

Are any naming conventions?

Not that I know of. As you pointed out, the examples use "Create post" etc. which is a horrible way of handling it.

Are there any preferences in terms of use of singular/plural when it comes to parents (eg: "User Create", "Users Create")

It really depends on your usage. Here's an example of using singular and plural for different instances.

A route which returns a single user could be protected by user.read and a route which returns multiple users could be protected by users.read. I believe the best way to do this is by using what makes sense to you and/or your team.

If parents and action should be separated with a space, a dot, something else? (eg: "users.create"; "users create"; "users->create")

Dots are the preferred method, especially if you're going to be using wildcards.

What about nested resources (Parent.Child)? eg: "users.banking_details.create"

Perfectly fine to use, however, be careful when it comes to wildcard permissions. A wildcard permission will give permission to use ALL child permissions.

If you were to give someone the permission users or users.* which are treated the same, they would be able to perform all permissions under this parent.

Capitalisation? Lowercase? Camel Case?

Pick a consistent style and stick to it.

I personally use the naming convention commonly used for web actions (CRUD).

    task.create
    task.read
    task.update
    task.delete

2 Comments

Good idea. I have been thinking about this. Also, what if a vendor product has similar permissions to a generic name like "edit posts," for example? I'm thinking of prefixing all app permissions with something.
If you have multiple vendors and there may be a clash with permission names, you could definitely prefix it with the vendor's name.
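
The wildcard caveat from the answer above, as an added example that is not part of the original answer and not spatie/laravel-permission's own code: a simplified PHP model of dot-separated matching in which `users` and `users.*` are treated the same, used to list what each grant actually covers. The permission names and the functions `grantCovers` and `auditGrants` are hypothetical.

```php
<?php
// Added example: simplified model of dot-separated wildcard matching as the
// answer describes it. This is NOT spatie/laravel-permission's implementation.

/** True when $grant covers $required. A grant shorter than the required
 *  name covers every child below it, so "users" behaves like "users.*". */
function grantCovers(string $grant, string $required): bool
{
    $required = explode('.', $required);
    foreach (explode('.', $grant) as $i => $part) {
        // Past the end of the required name, only wildcard segments may remain.
        $want = $required[$i] ?? '*';
        if ($part !== '*' && $part !== $want) {
            return false;
        }
    }
    return true; // every grant segment matched; deeper children are implied
}

/** Map each grant to the defined permissions it covers, to review its reach. */
function auditGrants(array $grants, array $defined): array
{
    $report = [];
    foreach ($grants as $grant) {
        $report[$grant] = array_values(array_filter(
            $defined,
            fn (string $p): bool => grantCovers($grant, $p)
        ));
    }
    return $report;
}

// Constructed sample data (hypothetical permission names).
$defined = [
    'users.read', 'users.create', 'users.delete',
    'users.banking_details.read', 'users.banking_details.create',
    'tasks.read',
];
$grants = ['users.read', 'users.*', 'users', 'users.banking_details.*'];

foreach (auditGrants($grants, $defined) as $grant => $covered) {
    printf("%-26s => %s\n", $grant, implode(', ', $covered));
}
```

Reviewing such a report before assigning a wildcard to a role makes it visible that nested permissions like `users.banking_details.create` come along with `users.*`.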
4

I would use the same names that Laravel uses when authorizing resources:

  • view
  • create
  • update
  • delete

You can read more about this here: Gate and authorization improvements in Laravel.

1 Comment

Yes, thanks - this is helpful; but doesn't give any feedback regarding the whole question - just some of it.
1

In the documentation they list a sample seeder, and give other examples. https://github.com/spatie/laravel-permission

    'edit articles'
    'delete articles'
    'publish articles'
    'unpublish articles'

I don't think it's a good convention, so I ended up with this in PostController:

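    public function __construct()
    {
        // Guests may only reach the read-only actions.
        $this->middleware('auth', ['except' => ['index', 'show']]);
        // Each 'only' list names the controller methods the permission guards.
        $this->middleware(['permission:post create'], ['only' => ['create', 'store']]);
        $this->middleware(['permission:post edit'], ['only' => ['edit', 'update']]);
        // 'delete' must match the actual method name; resource controllers call it 'destroy'.
        $this->middleware(['permission:post delete'], ['only' => ['delete']]);
    }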

I had to use $this each time, because it doesn't seem like you can chain middleware.

Comments

0

Instead of using foo or something, simply use

  • Create
  • edit
  • view
  • update
  • destroy

It would help and make the steps easier when you start working on authentication.

1 Comment

I think you misunderstood the use of 'foo' / 'foobar' etc. It's just a placeholder/pseudo code. ie a real example would be users.create ; users.delete ; etc.
