You need a setup like following. Create classes (models) with four tables (users, roles, permissions and permission_role):
Table roles
:
id | name (role name)
1 | admin
2 | user
Model Role
:
class Role extends ELoquent {
protected $table = 'roles';
public function users()
{
return $this->hasMany('User', 'role_id', 'id');
}
public function permissions()
{
return $this->belongsToMany('Permission');
}
}
Table permissions
:
id | name (permission name)
1 | manage_pages (add/edit/delete)
2 | manage_users (add/edit/delete)
3 | page_about (access allowed to about page)
4 | page_contact (access allowed to contact page)
Model Permission
class Permission extends ELoquent {
protected $table = 'permissions';
public function roles()
{
return $this->belongsToMany('Role');
}
}
Table users
:
id | username | email | password | role_id | more...
1 | admin | admin@ymail.com | hashed | 1 | more...
2 | user1 | user1@ymail.com | hashed | 2 | more...
3 | user2 | user2@ymail.com | hashed | 2 | more...
Model User
class User extends ELoquent {
protected $table = 'users';
public function role()
{
return $this->belongsTo('Role', 'role_id', 'id');
}
public function can($perm = null)
{
if(is_null($perm)) return false;
$perms = $this->role->permissions->fetch('name');
return in_array($perm, $perms->toArray());
}
}
Table permission_role
(pivot table):
id | permission_id | role_id
1 | 1 | 1
2 | 2 | 1
3 | 3 | 1
4 | 4 | 1
5 | 3 | 2
6 | 4 | 2
Once you have this setup then you may create filters or in your class method you may check if a logged in user has specific rule or permission then allow access to a page, otherwise doesn't allow. For example, you may check if a logged in user can access a page using something like this:
if(Auth::user->can('manage_pages')) {
// Let him/her to add/edit/delete any page
}
Since your pages are dynamic and all pages are being shown by show
method then in your show
method you may check something like this:
public function show($slug = 'home')
{
// assumed page slug is 'about'
$permission = 'page_' . $slug;
if(Auth::user->can($permission)) {
$page = page::whereSlug('home')->get();
return View::make('pages.index')->with('page', $page);
}
}
This is really a big issue and you have to figure it out by your self. I gave you the basic idea with some implementations, now you should extend it.
P/S: It's not possible to answer everything from the ground but I'm involved with another answer of this same project of your's and I suggested you to implement a permission base (ACL) so I tried to help but you need to try to implement the rest. All the best.