The admin user can view all posts on the homepage and access the update page for each post
$gate->before(function(User $user, $ability)
{
if ($user->hasAnyRoles('adm') )
return true;
});
This is ok
But I do not know what I am doing wrong in the policies because other users can see all posts at home page but can not access the post update page that they have created, access is denied.
Home Controller
<?php
namespace App\Http\Controllers;
use App\Http\Requests;
use Illuminate\Http\Request;
use App\Post;
use Gate;
class HomeController extends Controller
{
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Show the application dashboard.
*
* @return \Illuminate\Http\Response
*/
public function index(Post $post)
{
$posts = $post->all();
return view('home', compact('posts'));
}
public function update($idPost)
{
$post = Post::find($idPost);
if(Gate::denies('update-post', $post))
abort(403);
return view('update-post', compact('post'));
}
}
class AuthServiceProvider
<?php
namespace App\Providers;
use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Post;
use App\User;
use App\Permission;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
];
/**
* Register any application authentication / authorization services.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function boot(GateContract $gate)
{
$this->registerPolicies($gate);
$permissions = Permission::with('roles')->get();
foreach( $permissions as $permission)
{
$gate->define($permission->name, function(User $user) use ($permission){
return $user->hasPermission($permission);
});
}
$gate->before(function(User $user, $ability)
{
if ($user->hasAnyRoles('adm') )
return true;
});
}
}
from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2gps9xP
via IFTTT
Aucun commentaire:
Enregistrer un commentaire