I have an app that has a user type that should have a severely locked down user experience, meaning that they should only be able to update certain attributes of a model, not delete things etc. What approach could I use to make it so users making requests can only do what is set out in the user type rules, so for example I have a project model and the model has attributes,
A limited user should not be able edit the price, start date, end date. Is there a way to use the fillable attribute and reset it based on the on the lever of the user that is making the request?
You can create a repository and handle the execution of that code in there removing fields if the user is "limited". Or you can create a function in your model and call it which would check the permissions of the logged in user.
There is no "default" way to have the fillable fields transpose to what a user role is allowed too. You will need to code that yourself.