Integrity constraint violation: 1048 Column 'team_id' cannot be null #2088

you have to customize migration(#1980) and relation roles on User model with whereNull($teamField)->orWhere($teamField,getPermissionsTeamId()) instead of wherePivot, but that maybe breaks other things

laravel-permission/src/Traits/HasRoles.php

Lines 57 to 62 in 6a3ed62

    
               return $relation->wherePivot(PermissionRegistrar::$teamsKey, getPermissionsTeamId()) 
        
                   ->where(function ($q) { 
        
                       $teamField = config('permission.table_names.roles').'.'.PermissionRegistrar::$teamsKey; 
        
                       $q->whereNull($teamField)->orWhere($teamField, getPermissionsTeamId()); 
        
                   }); 
        
           }

0 replies

AAllport · 2022-01-16T16:05:42Z

AAllport
Jan 16, 2022

We're also interested in this feature!
Creating a SASS project where there's a permission structure within each Customer (team) and a permission structure for support.
Such structure will mean we won't have to create a fake Customer to assign support permission roles

0 replies

PaolaRuby · 2022-01-17T17:20:02Z

PaolaRuby
Jan 17, 2022

What if we want to set a Super Admin across the site, without having to set the super admin for every team.. what would you recommend?

@haleyngonadi just add a field on user's table like 'is_admin', and

Gate::before(function ($user, $ability) {
    return $user->is_admin ? true : null;
});

https://spatie.be/index.php/docs/laravel-permission/v5/basic-usage/super-admin

0 replies

inmanturbo · 2022-02-24T19:05:38Z

inmanturbo
Feb 24, 2022

I took this to be a bug at first simply because the behavior is not what you expect from this portion of the docs:

See #Roles Creating

When creating a role you can pass the team_id as an optional parameter

// with null team_id it creates a global role, global roles can be assigned to any team and they are unique
Role::create(['name' => 'writer', 'team_id' => null]);

// creates a role with team_id = 1, team roles can have the same name on different teams
Role::create(['name' => 'reader', 'team_id' => 1]);

// creating a role without team_id makes the role take the default global team_id
Role::create(['name' => 'reviewer']);

But when you attempt to assign the role you run into the error mentioned above.

However, if you read ahead a little further the docs explain that the team_id is always required on the relationship, and an example is provided as to how to use the boot method to hook into the created event and ensure that the proper id for the current team context is assigned.

0 replies

singleseeker · 2022-02-28T02:06:56Z

singleseeker
Feb 28, 2022

Any update? Hope this could be fixed.

0 replies

erikn69 · 2022-02-28T13:08:09Z

erikn69
Feb 28, 2022

Is a expected behaivor

0 replies

ninjasitm · 2022-03-01T14:45:48Z

ninjasitm
Mar 1, 2022

For anyone looking for a solution, not sure how this breaks the functionality as you'll need to ensure that you setPermissionsTeamId($id) where needed; however this solution allows me to find super admin and developer roles as needed. In your User class. Solved a huge headache for me where newly onboarded devs couldn't access our super admin portal for a client project:

    /**
     * A model may have multiple roles.
     */
    public function roles(): BelongsToMany
    {
        $relation = $this->morphToMany(
            config('permission.models.role'),
            'model',
            config('permission.table_names.model_has_roles'),
            config('permission.column_names.model_morph_key'),
            PermissionRegistrar::$pivotRole
        );

        if (!PermissionRegistrar::$teams) {
            return $relation;
        }

        $teamId = getPermissionsTeamId();
        if ($teamId) {
            return $relation->wherePivot(PermissionRegistrar::$teamsKey, $teamId)
                ->where(function ($q) use ($teamId) {
                    $teamField = config('permission.table_names.roles') . '.' . PermissionRegistrar::$teamsKey;
                    $q->whereNull($teamField)->orWhere($teamField, $teamId);
                });
        }
        return $relation;
    }

0 replies

marksparrish · 2022-03-06T23:41:35Z

marksparrish
Mar 6, 2022

Seems like we should create a "Global Team". When you create a new user or when a user registers, this user would be assigned to the global team as well as a personal team. I know I was trying to figure out how to prevent a user from having a personal team but still see global assets. I think this would solve my issue. When the package is installed a question could be asked "Do you need a 'Global Team?" The global_team_id could be recorded in the permissions.php config file or as their personal team.

0 replies

lukebouch · 2022-04-06T19:30:31Z

lukebouch
Apr 6, 2022

I'm running into the same issue. I need roles and permissions both at the team level and at the global level. In fact, I actually need roles at three different levels.

It would be great if this could be supported.

0 replies

erikn69 · 2022-04-07T14:57:05Z

erikn69
Apr 7, 2022

@lukebouch you can overwrite everything you need

0 replies

lukebouch · 2022-04-07T15:00:22Z

lukebouch
Apr 7, 2022

@erikn69 ok. I will try that.

You said it might break other things. What might it break?

0 replies

erikn69 · 2022-04-07T15:04:30Z

erikn69
Apr 7, 2022

I would not be able to answer that, because you will have your own code, with a functionality that is not what was expected, only you could check that it was broken, maybe run the tests with your changes

0 replies

ghost · 2023-02-14T15:44:13Z

ghost
Feb 14, 2023

7 replies

ghost Feb 14, 2023

@parallels999 I replicated what you said and it seems to be true, it runs into the RoleAlreadyExists. How would you accomplish this?

erikn69 Feb 14, 2023

// with null team_id it creates a global role, global roles can be assigned to any team and they are unique
Role::create(['name' => 'writer', 'team_id' => null]);

// creates a role with team_id = 1, team roles can have the same name on different teams
Role::create(['name' => 'reader', 'team_id' => 1]);

// creating a role without team_id makes the role take the default global team_id
Role::create(['name' => 'reviewer']);

Just follow documentation, so

setPermissionsTeamId(1); // needs team_id for session instance of user
// now we avoid `Integrity constraint violation: 1048 Column 'team_id' cannot be null`
// user has roles by team(always by team)
// roles can be global(same role for all teams), or especific role por team(could be duplicate on every team)
$user->assignRole(['super-admin', 'dev']); // it uses previus team_id (team_id=1)

ghost Feb 14, 2023

user has roles by team(always by team)

@erikn69 Can't you get around this by setting setPermissionsTeamId(0); or does this cause some unforeseen issue?

roles can be global(same role for all teams)

roles can be global but roles assigned to users can never be assigned global.

erikn69 Feb 14, 2023

Can't you get around this by setting setPermissionsTeamId(0); or does this cause some unforeseen issue?

Maybe, but you have to override to add that functionality and test it, also you have to check your custom code on every upgrade(BC)

roles can be global but roles assigned to users can never be assigned global.

You are right on that, but you can handle it with creating event on models, look defining-a-super-admin-on-teams

For example, you could add a field on roles for set as assigned global on every user, so, on user's created event assign all roles with that field, and on role's created event, roles with that field will be assign to every user, you could do with sync directly for performance

erikn69 Feb 16, 2023

@TechoLead any feedback?

yungifez · 2023-05-10T22:50:41Z

yungifez
May 10, 2023

Alright, so I came across a similar scenario. Since we are all for workarounds, here's what I did

Using multiple guards and assuming the admin area is different from the user area

To get 2 types of users, users with team roles and users with global roles,

I created a global guard ( in my case, it was actually system_user ), which users the users as its provider exactly like web but just a different name
I created a middleware that helps to set default guard and created an alias with name guard ( meaning to set default guard I do something like guard:global or guard:team
I created a trait and extended hasRoles, which I used in the user's table in place of the regular HasRoles
I extended the role function like this

`
public function roles()
{
$relation = $this->morphToMany(
config('permission.models.role'),
'model',

config('permission.table_names.model_has_roles'),
config('permission.column_names.model_morph_key'),
PermissionRegistrar::$pivotRole
);

    if (! PermissionRegistrar::$teams) {
        return $relation;
    }

    // return relations like normal spatie or relations with system user guard which are global roles
    // this implies that system user roles are global roles if and only if team id is null
    // if team id is not null then system user roles are treated normally
    return $relation->wherePivot(PermissionRegistrar::$teamsKey, getPermissionsTeamId())
        ->where(function ($q) {
            $teamField = config('permission.table_names.roles').'.'.PermissionRegistrar::$teamsKey;
            $q->whereNull($teamField)->orWhere($teamField, getPermissionsTeamId());
        })->orWhere(function ($q) {
            $teamField = config('permission.table_names.roles').'.'.PermissionRegistrar::$teamsKey;
            $q->whereIn('guard_name', ['global_guard'])->whereNull($teamField);
        });
}

`
This allows the roles to return global roles regardless of team id
( Note that team id must be null in the roles table, i.e., you must create it as a global role ).

This way, if you ever assign someone a global role with a team_id, you can check for permissions of that global role regardless of team_id set on model_has_roles table

I think I'm forgetting some things, and I did this just recently, so I've not totally tested it. But it shows promising results, though

If I see something I missed, I'll try my best to answer

If you have questions feel free to shoot.

And yes I know this approach isn't for everyone bit it's a good way to categorise roles

Checkout spatie multi auth part of the tutorial for drawbacks, which I my case proves to be an absolute win

4 replies

parallels999 May 11, 2023

So, if you try to detach a user to a team using syncRoles([]), will it delete the global roles on all teams?
for me this would need a lot of tests

yungifez May 11, 2023

So, if you try to detach a user to a team using syncRoles([]), will it delete the global roles on all teams?
for me this would need a lot of tests

It would detach all global roles a user has for all teams for global guard

But it wouldn't touch any of the global roles on team guard

This is because the only modification to behavior made here is fetching roles with global regardless of team id

parallels999 May 11, 2023

this is because the only modification to behavior made here is fetching roles with global regardless of team id

It's for the records, not everyone understands the change you're proposing, if someone copies it and doesn't know the behaviors they might have a problem

yungifez May 11, 2023

this is because the only modification to behavior made here is fetching roles with global regardless of team id

It's for the records, not everyone understands the change you're proposing, if someone copies it and doesn't know the behaviors they might have a problem

Yeah that's the issue

Ive even shared this concern with my boss

Another downside is having to deal with guards even when you are technically using the same sets of users

That is why I offered to answer any questions anyone has

I understand your concern, and it is extremely valid

But I'd be greedy not to share a solution i found to a problem many people have

Howaidamansour · 2024-04-23T11:49:36Z

Howaidamansour
Apr 23, 2024

set teams by false in config\permission.php

'teams' => false,

0 replies

thahulive · 2024-10-25T20:39:54Z

thahulive
Oct 25, 2024

class User
{
    protected static function booted(): void
    {
        // Default team
        $team = Team::find(1);
        
        static::creating(function (User $user) use ($team) {
            // Set permissions team ID
            setPermissionsTeamId($team->id);
        });

        static::created(function (User $user) use ($team) {
            // Attach user to default team
            $team->members()->attach($user);
        });
    }
}

0 replies

Uh oh!

Integrity constraint violation: 1048 Column 'team_id' cannot be null #2088

Uh oh!

Uh oh!

Replies: 18 comments · 11 replies

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Replies: 18 comments 11 replies