While I’ve been able to check the permissions for a user via the Management API, it feels pretty hacked together. I’m fairly new to Laravel so it wouldn’t surprise me if I’m missing something obvious.
We’re using a local store for users so I can save associations with other content via a pivot table. I’m looping through the list of associated users and want to check if they have the payments:view permission assigned in Auth0 to the role they have.
This is what I have currently.
// get the user object
$profile = app('auth0')->getSdk()->management()->users()->getPermissions($user->auth0)
$profile = Auth0\Laravel\Facade\Auth0::json($profile);
// flatten the multidimensional array so I can check it
$profile = Illuminate\Support\Arr::flatten($profile);
// check for my permission in the array
$permission = in_array( 'payments:view', $profile);
// change UI
@if ( $permission )
show UI element
@else
show different element
@endif
I can of course move this off into my model as a wrapper function but I feel like I must be missing something, like I should be able to use the @can blade directive to check access without all the other work. Currently that only works for the logged in user and I have been unable to find a way to apply it to the Collection of users I’m looping through.