README.md
+2-41
@@ -506,48 +506,9 @@ All these responses are collections of `Spatie\Permission\Models\Permission` obj
506
506
If we follow the previous example, the first response will be a collection with the `delete article` permission and
507
507
the second will be a collection with the `edit article` permission and the third will contain both.
508
508
509
-
### Using in Controllers with Laravel's authorize method
509
+
### NOTE about using permission names in policies
510
510
511
-
Laravel's `Controller` base class has an `authorize` method that will check a user's authorization and return a HTTP 403 if the user is not authorized. This is a convenient way to keep your controller methods short, and it can work nicely with this package.
512
-
513
-
However, when used with this package you need to be aware of the order in which the authorizations methods are attempted.
514
-
515
-
With the code below, if the user has the permission `show`, then they will be authorized and the `PostPolicy``show` method will not be executed.
516
-
517
-
If the user does **not** have the permission `show`, then the `PostPolicy``show` method will be executed, and in this example the user will be authorized if they own the post.
518
-
519
-
```php
520
-
class AuthServiceProvider extends ServiceProvider
521
-
{
522
-
protected $policies = [
523
-
\App\Post::class => \App\Policies\Post::class,
524
-
];
525
-
}
526
-
527
-
class PostController extends Controller
528
-
{
529
-
public function show(Post $post)
530
-
{
531
-
$this->authorize('show', $post);
532
-
533
-
return view('post.show',compact($post));
534
-
}
535
-
}
536
-
537
-
class PostPolicy
538
-
{
539
-
use HandlesAuthorization;
540
-
541
-
public function show(User $user, $post)
542
-
{
543
-
if ($user->id === $post->user_id) {
544
-
return true;
545
-
}
546
-
547
-
return false;
548
-
}
549
-
}
550
-
```
511
+
When calling `authorize()` for a policy method, if you have a permission named the same as one of those policy methods, your permission "name" will take precedence and not fire the policy. For this reason it may be wise to avoid naming your permissions the same as the methods in your policy. While you can define your own method names, you can read more about the defaults Laravel offers in Laravel's documentation at https://laravel.com/docs/5.8/authorization#writing-policies
551
512
552
513
### Using Blade directives
553
514
This package also adds Blade directives to verify whether the currently logged in user has all or any of a given list of roles.
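Review bot: The new paragraph at line 511 says a same-named permission "will take precedence and not fire the policy", but it drops the condition the removed text spelled out: the policy method is skipped only when the user has that permission, and it still runs when the user does not. As written it can be read as the policy never firing. The consequence is also worth stating, since in the removed example a user holding the `show` permission is authorized without the `$user->id === $post->user_id` ownership check in `PostPolicy` ever running. Suggest wording such as "if the user has a permission with the same name as the policy method, they are authorized by the permission and the policy method is not executed; otherwise the policy method runs", and keeping a short version of the removed example so the behaviour stays documented. Two smaller points: the new heading's all-caps "NOTE" does not match neighbouring headings such as "Using Blade directives", and the documentation link is pinned to the 5.8 docs, so it will go stale as supported Laravel versions change.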