lundi 28 novembre 2016

Allow access to different permission rules - ACL LARAVEL

The admin user can view all posts on the homepage and can access the update page for every post, thanks to this `before` callback:

 // Global pre-check run before any ability callback.
 // Returning true grants the ability immediately, so users holding the 'adm'
 // role bypass every per-permission check. Returning null (the other branch)
 // lets the normal ability callback decide.
 $gate->before(function (User $user, $ability) {
     return $user->hasAnyRoles('adm') ? true : null;
 });

This part works as expected.

But I do not know what I am doing wrong in the policies: other users can see all posts on the home page, but they cannot access the update page for posts that they created themselves; access is denied.

Home Controller

<?php

namespace App\Http\Controllers;

use App\Http\Requests;
use Illuminate\Http\Request;
use App\Post;
use Gate;

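class HomeController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * Every action of this controller goes through the 'auth' middleware.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     * Show the application dashboard with every post.
     *
     * No per-post authorization is applied here: the full list returned by
     * all() is handed to the view for any authenticated user.
     *
     * @param  \App\Post  $post
     * @return \Illuminate\Http\Response
     */
    public function index(Post $post)
    {
        $posts = $post->all();

        return view('home', compact('posts'));
    }

    /**
     * Show the update page for a single post.
     *
     * Responds with 404 when the post does not exist and with 403 when the
     * 'update-post' ability is denied for the current user.
     *
     * @param  mixed  $idPost  Primary key of the post to edit.
     * @return \Illuminate\Http\Response
     */
    public function update($idPost)
    {
        $post = Post::find($idPost);

        // find() yields null for an unknown id. Stop here so the gate and the
        // view never receive a null post.
        if ($post === null) {
            abort(404);
        }

        // The post is handed to the gate, but it only affects the decision if
        // the 'update-post' callback declares a second parameter and inspects
        // it. NOTE(review): confirm the ability definition compares the post's
        // owner with the current user; otherwise this check is per-permission,
        // not per-post.
        if (Gate::denies('update-post', $post)) {
            abort(403);
        }

        return view('update-post', compact('post'));
    }
}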

class AuthServiceProvider

<?php

namespace App\Providers;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Post;
use App\User;
use App\Permission;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * Empty here: abilities are registered from Permission records in boot().
     *
     * @var array
     */
    protected $policies = [];

    /**
     * Register any application authentication / authorization services.
     *
     * Defines one gate ability per Permission record and installs a global
     * pre-check that lets the 'adm' role through.
     *
     * @param  \Illuminate\Contracts\Auth\Access\Gate  $gate
     * @return void
     */
    public function boot(GateContract $gate)
    {
        $this->registerPolicies($gate);

        // One ability per permission, named after the permission itself.
        foreach (Permission::with('roles')->get() as $perm) {
            // The callback declares only the user, so any resource passed to
            // the check (e.g. a Post given to Gate::denies) is never looked
            // at: the decision is per-permission, not per-object.
            // NOTE(review): if an ability such as 'update-post' must be
            // limited to the post's author, an ownership comparison has to be
            // added; the owner column is not shown here.
            $gate->define($perm->name, function (User $user) use ($perm) {
                return $user->hasPermission($perm);
            });
        }

        // Pre-check for every ability: true grants access outright for the
        // 'adm' role; null falls through to the ability callback above.
        $gate->before(function (User $user, $ability) {
            return $user->hasAnyRoles('adm') ? true : null;
        });
    }
}



via Chebli Mohamed
