In addition to @can Blade directive, did you know you can check multiple permissions at once with @canany directive?
@canany(['update', 'view', 'delete'], $post) // The current user can update, view, or delete the post@elsecanany(['create'], \App\Post::class) // The current user can create a post@endcananyWant to perform some actions after new user registration? Head to app/Providers/EventServiceProvider.php and add more Listeners classes, and then in those classes implement handle() method with $event->user object
class EventServiceProvider extends ServiceProvider{ protected $listen = [ Registered::class => [ SendEmailVerificationNotification::class, // You can add any Listener class here // With handle() method inside of that class ], ];You can login with user only for ONE REQUEST, using method Auth::once().
No sessions or cookies will be utilized, which means this method may be helpful when building a stateless API.
if (Auth::once($credentials)) { //}It's convenient to change the user's API Token when its password changes.
Model:
public function setPasswordAttribute($value){ $this->attributes['password'] = $value; $this->attributes['api_token'] = Str::random(100);}If you've defined your Gates but want to override all permissions for SUPER ADMIN user, to give that superadmin ALL permissions, you can intercept gates with Gate::before() statement, in AuthServiceProvider.php file.
// Intercept any Gate and check if it's super adminGate::before(function($user, $ability) { if ($user->is_super_admin == 1) { return true; }});// Or if you use some permissions package...Gate::before(function($user, $ability) { if ($user->hasPermission('root')) { return true; }});