How to check if a group has a permission or set of permissions assigned

[sammyskills]

Hi @team,

Let's say we have this type of group/permission structure:

+--------------------------+----------------------------------------------------------+
| Group                    | Permissions                                              |
+--------------------------+----------------------------------------------------------+
| admin                    | users.create, payments.add                               |
+--------------------------+----------------------------------------------------------+
| auditor                  | users.view, payments.view                                |
+--------------------------+----------------------------------------------------------+

And a navigation menu like this:

• Users
  • All Users (requires the users.view permission)
  • Add New User (requies the users.create permission)
• Payments
  • All Payments (requies the payments.view permission)
  • Add New Payment (requies the payments.add permission)

To display the appropriate link to the currently logged in user, we can do something like this:

<ul>
    <?php if ($group->can('users.create') || $group->can('users.view')) : ?>
        <li>
            <a>Users</a>
            <ul>
                <?php if ($group->can('users.view')) : ?>
                    <li><a>All Users</a></li>
                <?php endif; ?>
                <?php if ($group->can('users.create')) : ?>
                    <li><a>Add New User</a></li>
                <?php endif; ?>
            </ul>
        </li>
    <?php endif; ?>
    <?php if ($group->can('payments.view') || $group->can('payments.add')) : ?>
        <li>
            <a>Payments</a>
            <ul>
                <?php if ($group->can('payments.view')) : ?>
                    <li><a>All Payments</a></li>
                <?php endif; ?>
                <?php if ($group->can('payments.add')) : ?>
                    <li><a>Add New Payment</a></li>
                <?php endif; ?>
            </ul>
        </li>
    <?php endif; ?>
</ul>

So when an admin user logs in, s/he is expected to see this navigation:

• Users
  • Add New User
• Payments
  • Add New Payment

And when an auditor user logs in, s/he is expected to see this navigation:

• Users
  • All Users
• Payments
  • All Payments

This looks okay and simple to implement, but an issue arises when there are a lot of permissions to check, for example:

'reports.centres',
'reports.allowances',
'reports.centre-pv',
'reports.account-renewals',
'reports.package-upgrades',
'reports.level-upgrades',
'reports.pv',
'reports.home-ownership',
'reports.rankings',
'reports.levels',
'reports.online-payments',
'reports.offline-payments',
'reports.birthdays',
'reports.recruitments',
'reports.registrations'

Are we expected to run multiple OR conditions like this?

<?php if ($group->can('reports.centres') || $group->can('reports.allowances') || $group->can('reports.centre-pv') || $group->can('account-renewals') ...) ?>

[kenjis]

In role-based access control, a role (group in Shield) has permissions.
Since each role determines its own menu, there is a way to have a role-specific view partial (or view file).

[sammyskills]

Yes, I know.

From my illustration, instead of using multiple OR conditions, is there a better way to check if a group has a specific permission? For example, if I have this set of permissions:

'reports.centres',
'reports.allowances',
'reports.centre-pv',
'reports.account-renewals',
'reports.package-upgrades',
'reports.level-upgrades',
'reports.pv',
'reports.home-ownership',
'reports.rankings',
'reports.levels',
'reports.online-payments',
'reports.offline-payments',
'reports.birthdays',
'reports.recruitments',
'reports.registrations'

How do I check that a group has any of the reports permissions if the group does not have the wildcard permission setup?