How to implement role-based access control in Laravel and Vue.js

Arif Billah Babu

VueJS with Laravel

Implementing role-based access control (RBAC) in a Laravel and Vue.js application involves managing user roles and permissions on the server side (Laravel) and controlling access on the client side (Vue.js). Here's a step-by-step guide on how to implement RBAC in a Laravel and Vue.js application:

Laravel (Server Side):

Database Setup: Set up a database table to store roles, permissions, and user roles. You can use Laravel migrations for this.
```
bash
php artisan make:migration create_roles_table
php artisan make:migration create_permissions_table
php artisan make:migration create_user_roles_table
```
Define the schema for these tables in the migration files and run the migrations.
Create Models: Create models for roles, permissions, and user roles.
```
bash
php artisan make:model Role
php artisan make:model Permission
php artisan make:model UserRole
```
Define relationships between these models.
Middleware: Create a middleware for role-based access control.
```
bash
php artisan make:middleware CheckRole
```
Implement the logic in the middleware to check if the user has the required role.

Routes: Define routes for different roles in your routes/web.php or routes/api.php file.

php
Route::group(['middleware' => 'role:admin'], function () {
    // Admin routes
});

Route::group(['middleware' => 'role:user'], function () {
    // User routes
});

Controller: In your controllers, use the middleware to protect specific actions.

php
public function adminDashboard()
{
    $this->middleware('role:admin');
    // Admin dashboard logic
}

Seed Data: Seed the database with initial roles and permissions.

bash
php artisan db:seed --class=RolesTableSeeder
php artisan db:seed --class=PermissionsTableSeeder

Create seeders for roles and permissions.

Vue.js (Client Side):

API Requests: Use Vue.js to make API requests to the Laravel backend to get user roles and permissions.

Conditional Rendering: In your Vue.js components, use conditional rendering based on the user's roles and permissions to show/hide certain features or sections.

vue
<template>
    <div v-if="userHasPermission('view_admin_dashboard')">
        <!-- Admin Dashboard -->
    </div>
    <div v-else>
        <!-- Regular User Dashboard -->
    </div>
</template>

<script>
export default {
    methods: {
        userHasPermission(permission) {
            // Check if the user has the specified permission
            // You can get this information from the API response
            return this.userPermissions.includes(permission);
        }
    }
}
</script>

Authentication and Authorization: Ensure that your authentication system is set up to authenticate users and retrieve their roles and permissions. Laravel Passport is a popular choice for API authentication.

Route Guards: Implement route guards in your Vue router to restrict access to certain routes based on user roles and permissions.

javascript
const routes = [
    {
        path: '/admin',
        component: AdminDashboard,
        meta: { requiresAdmin: true }
    },
    // Other routes
];

// In your router setup
router.beforeEach((to, from, next) => {
    if (to.matched.some(record => record.meta.requiresAdmin)) {
        if (!userHasPermission('admin')) {
            // Redirect to unauthorized page
            next({ path: '/unauthorized' });
        } else {
            next();
        }
    } else {
        next();
    }
});

Remember to customize the implementation based on your specific application requirements. This is a basic guide, and you may need to adjust it according to the complexity of your application.