In my Laravel application, I have a Model called Project
which has, among others, a property called approved_at
. There is also a ProjectController
, which contains the usual methods *(index
, show
, create
, update
, edit
...)
Now, the user that created the Project
can edit it (modifying its other attributes), but only some "staff" members have the right to approve one.
From what I understand, there can be two ways to handle the approval operation:
- Both users, from their respective views (let's call them
edit
andapprove
) fire theProjectController@update
method, which will internally distinguish who-can-do-what by means of authorization or policies; - I create a new
ProjectApprovalController
, with its ownupdate
method, and check the authorization at the endpoint (eg,/projects/{id}/approve
).
What is the best approach to tackle this behaviour?
from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/3y3hBM5
via IFTTT
Aucun commentaire:
Enregistrer un commentaire