VOOZH about

URL: https://deepwiki.com/hypervel/permission/4.2-role-model

⇱ Role Model | hypervel/permission | DeepWiki

Loading...
Loading...
Menu

Role Model

Purpose and Scope

This page documents the Role model class, which represents a role entity in the permission system. The Role model is a standard Eloquent model that serves as a container for permissions and can be assigned to owner entities (users, teams, etc.).

For information about the database schema that stores roles, see Database Migrations. For details about the Permission model and its relationship with roles, see Permission Model. For comprehensive documentation of permission-checking methods available on the Role model, see HasPermission Trait.

Sources: src/Models/Role.php1-49

Class Structure

The Role model is located at src/Models/Role.php and follows this inheritance hierarchy:



The Role model:


    

  • Extends Hypervel\Database\Eloquent\Model - provides standard Eloquent ORM functionality
    • 

  • Implements Hypervel\Permission\Contracts\Role - enforces the permissions() method contract
    • 

  • Uses Hypervel\Permission\Traits\HasPermission - gains permission assignment and checking capabilities
    • 



Sources: src/Models/Role.php22-24 src/Contracts/Role.php1-18




Attributes and Properties


The Role model defines the following attributes:

















































AttributeTypeDescriptionFillable
idintPrimary key identifierNo
namestringRole name (e.g., "admin", "editor")Yes
guard_namestringAuthentication guard identifierYes
created_atCarbonTimestamp when role was createdNo
updated_atCarbonTimestamp when role was last modifiedNo
permissionsCollection<Permission>Related permissions (read-only)No


Mass Assignment


Only name and guard_name are mass assignable through the $fillable property:




Sources: src/Models/Role.php15-32




Permissions Relationship


The Role model defines a many-to-many relationship with the Permission model through the permissions() method.


Relationship Configuration




The relationship is defined at src/Models/Role.php37-47 with the following characteristics:










































Configuration AspectValueConfig Key
Related ModelPermission::classpermission.models.permission
Pivot Tablerole_has_permissionspermission.table_names.role_has_permissions
Foreign Keyrole_idpermission.column_names.role_pivot_key
Related Keypermission_idpermission.column_names.permission_pivot_key
TimestampsEnabledN/A
Pivot Columnsis_forbiddenN/A


Pivot Table Features


The relationship includes two important pivot table features:


    

  1. Timestamps: The pivot table tracks when permissions are attached/detached via ->withTimestamps()
    2. 

  2. Forbidden Flag: The is_forbidden boolean column enables negative permissions (explicit denials) via ->withPivot(['is_forbidden'])
    3. 



When is_forbidden is true, the permission is explicitly denied to the role, overriding any other permission grants.


Sources: src/Models/Role.php37-47 src/Contracts/Role.php14-17




Guard Name System


The guard_name attribute links roles to specific authentication guards, enabling multi-tenancy and context-specific authorization.


Guard Name Usage Pattern




Key Characteristics


    

  • Guard Isolation: Roles with different guard_name values operate independently
    • 

  • Default Value: The system uses a configured default guard if none is specified
    • 

  • Query Filtering: Permission lookups automatically filter by the current guard context
    • 

  • Multi-Context Support: The same entity can have different roles in different guard contexts
    • 



Example: A user might have the "editor" role for the "web" guard and "viewer" role for the "api" guard simultaneously.


Sources: src/Models/Role.php29-32




HasPermission Trait Integration


The Role model uses the HasPermission trait, which provides permission management capabilities. This creates a unique scenario where roles themselves can have permissions.


Inherited Methods




All methods from the trait are available on Role instances. Key methods include:










































MethodPurposeExample
hasPermission($permission)Check if role has a permission$role->hasPermission('edit-posts')
givePermissionTo(...$permissions)Assign permissions to role$role->givePermissionTo('edit', 'delete')
revokePermissionTo(...$permissions)Remove permissions from role$role->revokePermissionTo('delete')
syncPermissions($allow, $forbidden)Replace all permissions$role->syncPermissions(['edit'], ['delete'])
giveForbiddenTo(...$permissions)Explicitly deny permissions$role->giveForbiddenTo('admin-access')
getAllPermissions()Get all permissions$role->getAllPermissions()


Sources: src/Models/Role.php24 src/Traits/HasPermission.php26-534




Role-Specific Behavior


When the HasPermission trait is applied to a Role model, certain behaviors differ from when it's applied to owner models (like Users):


Special Handling in HasPermission




The trait detects when it's being used on a Role via checks like:




Key Differences


    

  1. 

    Permission via Roles: Roles don't have "permissions via roles" since they are roles
    


    2. 

  2. 

    Caching Strategy: Roles use the global roles cache instead of owner-specific cache
    


    3. 

  3. 

    Cache Invalidation: Modifying role permissions clears the global cache
    


    4. 

  4. 

    Forbidden Permission Checks: Roles bypass role-based forbidden checks
    


    5. 



Sources: src/Traits/HasPermission.php64-68 src/Traits/HasPermission.php131-133 src/Traits/HasPermission.php201-203 src/Traits/HasPermission.php279-283 src/Traits/HasPermission.php475-477




Database Configuration


The Role model's relationship method uses configuration values for flexibility and customization:


Configuration Mapping




The permissions() method retrieves configuration values at runtime:
































Configuration KeyDefault ValuePurpose
permission.models.permissionPermission::classClass name for Permission model
permission.table_names.role_has_permissionsrole_has_permissionsPivot table name
permission.column_names.role_pivot_keyrole_idForeign key to roles table
permission.column_names.permission_pivot_keypermission_idForeign key to permissions table


This configuration-driven approach allows customization without modifying the model code. For complete configuration documentation, see Configuration Reference.


Sources: src/Models/Role.php39-44




Usage Examples


Creating and Managing Roles




Accessing Role Permissions




Sources: src/Models/Role.php1-49 src/Traits/HasPermission.php276-363