When using teams, how to get Global Permissions (and roles) along with Current Team Permissions.

[muhzak]

https://spatie.be/docs/laravel-permission/v6/basic-usage/teams-permissions

I am confused and I want to make sure I understand this properly.

I want to access all the roles a user has on the current team, plus all the roles and permissions they have at the global level.

Does that mean I need to do the following or is there a better way?

// set null as my permissions team ID 
setPermissionsTeamId(null);
$this->unsetRelation('roles')->unsetRelation('permissions');
$globalPermissions = $this->objPermissions(); 

//then go back to the current Team ID:
setPermissionsTeamId($currentTeamId);
$user->unsetRelation('roles')->unsetRelation('permissions');
$currentTeamPermissions =  $this->objPermissions(); 

[Twyar]

Wondering the same.
Currently I have a Event model which has a many-to-many relationship with the Team model.
In the EventPolicy I am currently doing.

<?php

namespace App\Policies;

use App\Models\Event;
use App\Models\User;

class EventPolicy
{
    /**
     * Determine whether the user can view any models.
     *
     * @param \App\Models\User $user
     *
     * @return bool
     */
    public function viewAny(User $user): bool
    {
        setPermissionsTeamId($user->currentTeam->id);
        return (
            $user->can('events.view-all')
        );
    }

    /**
     * Determine whether the user can view the model.
     *
     * @param \App\Models\User $user
     * @param \App\Models\Event $team
     *
     * @return bool
     */
    public function view(User $user, Event $team): bool
    {
        setPermissionsTeamId($user->currentTeam->id);
        return (
            $user->can('events.view') &&
            $user->currentTeam->events->contains($team->id)
        );
    }<?php

namespace App\Policies;

use App\Models\Event;
use App\Models\User;

class EventPolicy
{
    /**
     * Determine whether the user can view any models.
     *
     * @param \App\Models\User $user
     *
     * @return bool
     */
    public function viewAny(User $user): bool
    {
        setPermissionsTeamId($user->currentTeam->id);
        return (
            $user->can('events.view-all')
        );
    }

    /**
     * Determine whether the user can view the model.
     *
     * @param \App\Models\User $user
     * @param \App\Models\Event $team
     *
     * @return bool
     */
    public function view(User $user, Event $team): bool
    {
        setPermissionsTeamId($user->currentTeam->id);
        return (
            $user->can('events.view') &&
            $user->currentTeam->events->contains($team->id)
        );
    }
}

But feels a bit weird to do setPermissionsTeamId every single time in all policies/methods etc.
I tried the TeamMiddleware they recommend but that doesn't seem to work.
https://spatie.be/docs/laravel-permission/v6/basic-usage/teams-permissions#content-working-with-teams-permissions

[parallels999]

Did you add the middlewarePriority??
Also try to check session('team_id'), maybe the session value used by the middleware is not being set.

it is working for me

[muhzak]

To answer my question to others / my future self if I forget. The answer is a Global Role needs to be attached for the user for every team. That's the part I was not implementing properly.

Example
I have a super admin user, user_id = 1
I have a "Super-Admin" role, with role_id = 1
and let's say I have 1000 teams.

This means my model_has_roles table will have 1000 rows of role_id 1 and user_id 1 along with the 1000 teams.

[erikn69]

"Super-Admin" example on docs
https://spatie.be/docs/laravel-permission/v6/basic-usage/teams-permissions#content-defining-a-super-admin-on-teams