I'm using laravel basic policy system to protect unauthorized user from update post. For Example User have Id 1 and In posts Table User_id is also 1.
Now in $this->authorize('update',$post); way i can pass only one variable $post to authenticate .while in can method i can also use $user variable $user->can('update',$post) for authorize. Here is code
In PostPolicy.php
public function update(User $user, Post $post)
{
return $user->id === $post->user_id;
}
In AuthServiceProvider.php
protected $policies = [
Post::class => PostPolicy::class
]
In Controller Authorize way
public function update(Request $request, $id)
{
$post=Post::find(1);
$user=User::find(1);
$this->authorize('update',$post);
return 'Hello Everything Access For You ';
}
Using Can method in Controller
public function update(Request $request, $id)
{
$post=Post::find(1);
$user=User::find(1);
if($user->can('update',$post)){
return 'Your are allowed';
}
else
{
return 'Your are Not allowed';
}
}
is i'm right for these two functions. Is there any Difference. Which method i have to use. Thanks in Advance
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire