I have a route like this:
`Route::get('{username}/posts','PostController@editorPost')->name('post.editor')`;
i want to prevent other editor from viewing the post that doesn't belong to them. I try to make PostPolicy like this:
public function view(User $user, Post $post)
{
return $user->id === $post->user_id || $user->hasRole('admin');
}
so how can i authorize user in my PostController? and do i write the policy correctly? since it use username, not user id. Thanks.
from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2iRZiFi
via IFTTT
Aucun commentaire:
Enregistrer un commentaire