7

Are there some naming guidelines I should be following when it comes to naming permissions? Right now, everything I find is just along the lines of "Add Foo","Edit Foo","Delete Foo","Add FooBar","Edit FooBar","Delete FooBar", and so forth and so forth.

Keeping in mind that there is no grouping (which is a real pity), and when you have a management screen for all said permissions - the above approach seems quite sloppy.

All your "adds" are together, "edits" are together, etc. eg:

 - Add Foo
 - Add FooBar
 - Add FooBarBez
 - Edit Foo
 - Edit FooBar
 - Edit FooBarBez
 - Delete Foo
 - Delete FooBar
 - Delete FooBarBez

Right now I'm leaning towards something along the lines of what route names look like, for example:

 - foo.add
 - foo.edit
 - foo.delete
 - foobar.add
 - foobar.edit
 - foobar.delete
 - foobarbez.add
 - foobarbez.edit
 - foobarbez.delete

It's more organised in terms of keeping all the 'parent' permissions together (ie: all Foo's together, all FooBar's together, etc). Of course, if there are actual guidelines for this, please do let me know or if you have other valuable input / suggestions?

//Edit Update for Clarity

Specifically,

- __Are__ there any naming conventions?
- Are there any preferences in terms of use of singular/plural when it comes to parents (eg: "User Create", "Users Create")
- If parents and action should be separated with a space, a dot, something else? (eg: "users.create"; "users create"; "users->create")
- What about nested resources (Parent.Child)? eg: "users.banking_details.create"
- Capitalisation? Lowercase? Camel Case?

As mentioned previously, leaning towards Laravel named routes as the guideline so would be: plural, lowercase, separated by dots, including full path (parent+child relationship). Just because that's what I'm leaning towards, doesn't mean it's right though, hence me asking for input from the community :)

apokryfos
SupaMonkey

4 Answers

5

> Are there any naming conventions?

Not that I know of. As you pointed out, the examples use "Create post" etc. which is a horrible way of handling it.

> Are there any preferences in terms of use of singular/plural when it comes to parents (eg: "User Create", "Users Create")

It really depends on your usage. Here's an example of using singular and plural for different instances.

A route which returns a single user could be protected by user.read and a route which returns multiple users could be protected by users.read. I believe the best way to do this is by using what makes sense to you and/or your team.

> If parents and action should be separated with a space, a dot, something else? (eg: "users.create"; "users create"; "users->create")

Dots are the preferred method, especially if you're going to be using wildcards.

> What about nested resources (Parent.Child)? eg: "users.banking_details.create"

Perfectly fine to use, however, be careful when it comes to wildcard permissions. A wildcard permission will give permission to use ALL child permissions.

If you were to give someone the permission users or users.* which are treated the same, they would be able to perform all permissions under this parent.

> Capitalisation? Lowercase? Camel Case?

Pick a consistent style and stick to it.

I personally use the naming convention commonly used for web actions (CRUD).

```
task.create
task.read
task.update
task.delete
```
Savlon
  • Good idea. I have been thinking about this. Also, what if a vendor product has similar permissions to a generic name like "edit posts," for example? I'm thinking of prefixing all app permissions with something. – dougd_in_nc Jan 15 '23 at 17:28
  • If you have multiple vendors and there may be a clash with permission names, you could definitely prefix it with the vendor's name. – Savlon Jan 15 '23 at 21:49
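
The wildcard caveat from the answer above, as an added example that is not part of the original post and is not spatie/laravel-permission's own matcher. It assumes the semantics the answer describes (`users` and `users.*` are equivalent and cover every nested permission); the function names and the permission catalogue are constructed for illustration, and it needs PHP 8.

```php
<?php
// Added illustration in plain PHP; grantCovers() and coveredBy() are
// hypothetical helpers, not functions of any package.

// True when $grant covers $permission under the assumed semantics:
// "users" and "users.*" both cover "users" and everything below it.
function grantCovers(string $grant, string $permission): bool
{
    // Normalise "users.*" to its parent "users".
    $parent = str_ends_with($grant, '.*') ? substr($grant, 0, -2) : $grant;

    // Match on a dot boundary so "foo" does not cover "foobar.add"
    // and "user" does not cover "users.read".
    return $permission === $parent
        || str_starts_with($permission, $parent . '.');
}

// Every permission in the catalogue that a single grant would hand out.
function coveredBy(string $grant, array $allPermissions): array
{
    return array_values(array_filter(
        $allPermissions,
        fn (string $p): bool => grantCovers($grant, $p)
    ));
}

// Constructed catalogue using the naming scheme from the question.
$catalogue = [
    'users.create',
    'users.delete',
    'users.banking_details.create',
    'users.banking_details.read',
    'foo.add',
    'foobar.add',
];

// Expand each grant before assigning it to a role, so that a broad parent
// grant pulling in nested, more sensitive permissions is visible in review.
foreach (['users.*', 'users', 'users.banking_details.*', 'foo'] as $grant) {
    printf("%-26s => %s\n", $grant, implode(', ', coveredBy($grant, $catalogue)));
}
```

Running it shows that granting `users` or `users.*` also hands out both `users.banking_details.*` permissions, which is the reason to keep sensitive children under their own parent or grant them explicitly.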
3

I would use the same names that Laravel uses when authorizing resources:

  • view
  • create
  • update
  • delete

You can read more about this here: Gate and authorization improvements in Laravel.

Joseph Silber
  • Yes, thanks - this is helpful; but doesn't give any feedback regarding the whole question - just some of it. – SupaMonkey Aug 13 '18 at 05:06
1

In the documentation they list a sample seeder, and give other examples. https://github.com/spatie/laravel-permission

```
'edit articles'
'delete articles'
'publish articles'
'unpublish articles'
```

I don't think it's a good convention, so I ended up with this in PostController:

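```php
function __construct()
{
  // Require login for everything except the public listing and detail pages.
  $this->middleware('auth', ['except' => ['index', 'show']]);
  // Each permission guards only the controller methods named in 'only'.
  $this->middleware(['permission:post create'], ['only' => ['create', 'store']]);
  $this->middleware(['permission:post edit'],   ['only' => ['edit', 'update']]);
  // 'delete' must match the controller's method name (Laravel resource controllers call it 'destroy').
  $this->middleware(['permission:post delete'], ['only' => ['delete']]);
}
```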

I had to use $this each time, because it doesn't seem like you can chain middleware.

Keith Turkowski
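
A coverage check for per-action permission middleware like the constructor in the answer above, as an added example that is not part of the original post. It assumes the controller is a standard Laravel resource controller with the seven default actions; `auditGuards()` and the `$guards` map are constructed for illustration and mirror the `only` lists shown above.

```php
<?php
// Added illustration in plain PHP, no framework calls.
// The seven default action names of a Laravel resource controller.
const RESOURCE_ACTIONS = ['index', 'create', 'store', 'show', 'edit', 'update', 'destroy'];

// Constructed mirror of the constructor above: permission => its 'only' list.
$guards = [
    'post create' => ['create', 'store'],
    'post edit'   => ['edit', 'update'],
    'post delete' => ['delete'],
];

// The 'except' list of the auth middleware: intentionally public actions.
$publicActions = ['index', 'show'];

// Compare the guarded action names with the controller's real actions.
function auditGuards(array $guards, array $publicActions, array $actions): array
{
    // Flatten all 'only' lists into one list of guarded action names.
    $guarded = array_merge([], ...array_values($guards));

    return [
        // Actions that require login but have no permission check at all.
        'unguarded' => array_values(array_diff($actions, $guarded, $publicActions)),
        // Names in an 'only' list that match no controller action,
        // so the permission middleware never runs for them.
        'unknown'   => array_values(array_diff($guarded, $actions)),
    ];
}

print_r(auditGuards($guards, $publicActions, RESOURCE_ACTIONS));
```

Under that assumption the audit reports `destroy` as unguarded and `delete` as unknown, so any logged-in user could reach the destroy action without the `post delete` permission.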
0

Instead of using foo or something, simply use

  • Create
  • edit
  • view
  • update
  • destroy

It would help and make the steps easier when you start working on authentication.
  • I think you misunderstood the use of 'foo' / 'foobar' etc. It's just a placeholder/pseudo code, i.e. a real example would be users.create ; users.delete ; etc. – SupaMonkey Aug 13 '18 at 05:03