Best practise for temporarily revoking a user permission

[benwrigley]

I'm just in the process of implementing this package in my project and I'm curious about a best practise.

If I assign a user a particular Role which gives them a bunch of Permissions and at some point I want to temporarily revoke a Permission, how would/should I do that?

$user->givePermissionTo('do something') - this works
$user->revokePermissionTo('do something') - all good
$user->assignRole('gold package') (which has 'do something' assigned to it) - works fine
$user->revokePermissionTo('do something') - this doesn't work

Is there a correct way to do this? Sorry if I've missed something obvious in the docs

[drbyte]

This package only adds more access, never taking away. Better to make separate roles and apply them in layers. One workaround could be to create a separate role or permission named "denied (whatever)", and then in your app code check for both "can(whatever)" and "cannot 'denied(whatever)'". It's a bit hacky, not recommended, but could work if it's a common situation. Maybe that gives you some other ways to think about it.

[benwrigley]

Thanks for the speedy reply!

Ah ok I see. I had imagined this might be quite a common issue, so I I suspect I'm not designing my app in a very sensible way!

I'll have to have a bit more of a think about it... Thank you!