1

I'm new to Cartalyst Sentinel and this concept of ACL. I've managed to create a user, perform activation and login and logout.

I'd like to take my learning to the next level. I would like 2 types of users on this Laravel app: one is Administrator, the other is Subscriber. I'm assuming my account creation method should by default create the user as a subscriber.

```php
public function postCreate() {

    /* Validation */
    $validation = Validator::make(Input::all(), [
        'email' => 'required|email|max:50|unique:users',
        'username' => 'required|min:3|max:20|unique:users',
        'password' => 'required|min:6',
        'password_repeat' => 'required|same:password',
    ]);

    if ($validation->fails()) {

        return Redirect('login')->withErrors($validation)->withInput();

    } else {

        $credentials = Input::all();
        $user = Sentinel::register($credentials);

        $activation = Activation::create($user);

        $activation_code = $activation->code;

        if ($user) {

            Mail::send('emails.auth.activate', ['link' => URL::route('account-activate', [$user->id, $activation_code]), 'username' => $user->username], function($message) use ($user) {

                $message->to($user->email, $user->username)->subject('Activate your account');

            });

            return Redirect::route('home')->with('global', 'Thank you for registering! We have sent you an email to activate your account');

        }

    }

}
```

Do I alter the code like so?

```php
$user = Sentinel::register($credentials);

$user = Sentinel::findById(1);

$role = Sentinel::findRoleByName('Subscribers');

$role->users()->attach($user);
```

The thing is I have not even created any roles to begin with. Where do we write that functionality? Right now I have the following controllers:

  1. AccountController - handles activation
  2. AuthController - handles login/logout
  3. RegistrationController - handles registration of user
  4. RolesController - I've not written anything inside here yet. I'm a bit lost.

Please guide me. Any help is greatly appreciated.

jrenk
arkhamDev

1 Answer

5

You do not need to do a search for your user if you already registered them; the register method returns the user. You can do the following to attach a role to a user:

```php
$user = Sentinel::register($credentials);
$role = Sentinel::findRoleByName('Subscribers');
$role->users()->attach($user);
// OR
$user->roles()->attach($role);
```

You have both a user and a role object and they have a many-to-many relation, so it doesn't matter which one you use.

You will need to create a db seeder or a method to create your permissions. But to create your Subscribers Role you will need to do the following:

```php
Sentinel::getRoleRepository()->createModel()->create([
    'name' => 'Subscribers',
    'slug' => 'subscribers',
    'permissions' => [
       'user.view'   => true,
       'user.delete' => false,
       // any other permissions you want your Subscribers to have
    ]
]);
```

A similar call can build your Administrator roles as well.

Your Roles Model and Controller are already built for you; you just need to access them through Sentinel, which you already do with the `Sentinel::findRoleByName('Subscribers');` call.

Cartalyst has some pretty decent documentation about setting up roles and permissions for your users:

It's just a matter of figuring out what you want each role to do or not do. Also, you can set specific permissions per user to override the role permissions.

codivist
  • I have a question: what does `user` in `user.view` or `user.delete` stand for? Is it a model name or what? – Praditha Apr 18 '16 at 10:19
  • Those refer to the actual permission names that you reference when checking a permission, so a permission name `user.view => true` just means later in your code you would call `if ($user->hasAccess(['user.view']))` and that says, does this current user have access to view the called user. – codivist Apr 20 '16 at 20:37
  • Ya, I got it now; that's only the naming convention for later to check the permission. Thanks @codivist. – Praditha Apr 21 '16 at 04:18
  • @codivist: I see the question is about "how do you create roles in Sentinel?" But I don't find it in your answer. Yeah, it's in the link of course. I am stuck with update & delete role; can you guide me how to do that? – Vishal Tarkar Mar 01 '17 at 11:46
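
The seeder and role attachment described in the answer above, put together as an added example that is not part of the original thread: it creates both roles once and registers every new account as a Subscriber, with the role chosen server-side and only whitelisted form fields passed to `Sentinel::register()`. The class name `RolesTableSeeder`, the helper `registerSubscriber()`, the `Administrators` role name and its permission values are assumptions.

```php
<?php
// Added example, not from the original post. Class, helper and the
// administrator permission values are assumptions.

use Cartalyst\Sentinel\Laravel\Facades\Sentinel;
use Illuminate\Database\Seeder;

class RolesTableSeeder extends Seeder // assumed class name
{
    public function run()
    {
        $roles = [
            'subscribers' => ['name' => 'Subscribers', 'permissions' => [
                'user.view' => true, 'user.delete' => false,
            ]],
            'administrators' => ['name' => 'Administrators', 'permissions' => [
                'user.view' => true, 'user.delete' => true, // assumed values
            ]],
        ];

        foreach ($roles as $slug => $attributes) {
            // Idempotent: re-running the seeder must not duplicate a role.
            if (Sentinel::findRoleBySlug($slug) === null) {
                Sentinel::getRoleRepository()->createModel()
                    ->create($attributes + ['slug' => $slug]);
            }
        }
    }
}

// Assumed helper: $input is the request data that already passed validation.
function registerSubscriber(array $input)
{
    // Resolve the role first, so a missing seed fails before any user exists.
    $role = Sentinel::findRoleBySlug('subscribers');
    if ($role === null) {
        throw new RuntimeException('Role "subscribers" not found; run the seeder.');
    }

    // Pass only the fields the form is meant to set. Extra request keys
    // (password_repeat, a permissions array, ...) never reach the model.
    $allowed = ['email', 'username', 'password'];
    $credentials = array_intersect_key($input, array_flip($allowed));

    $user = Sentinel::register($credentials);
    $user->roles()->attach($role); // the role is chosen server-side only

    return $user;
}
```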