The problem is that both FormRequest::authorize and the resource policy are called before the validation of the FormRequest.
Scenario:
I want to authenticate the creation of a category in a specific department. The payload of the request contains the label and the department_id.
Not every user is allowed to create categories. It's restricted to the write permission of its department. With the background that validation follows the authentication I get either:
ModelNotFoundException if the department_id is not valid (I need to get it to check the write permission).
or:
Unauthorized if I skip Department::find or catch the exception when Policy::create is called (since the actual department permission check fails).
My current solution is to create a createCategoryValidator in my policy and throw a ValidationException when it fails. It feels wrong; I would like to know if there is a proper solution for this scenario?
via Chebli Mohamed
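One way to keep the policy check in the form request while letting validation report a bad department_id, as an added example that is not part of the original post. The class name StoreCategoryRequest, the App\Models namespace, the departments table, the label rule and the policy signature CategoryPolicy::create(User $user, Department $department) are assumptions, and the route is assumed to sit behind the auth middleware.

```php
<?php

namespace App\Http\Requests;

use App\Models\Category;
use App\Models\Department;
use Illuminate\Foundation\Http\FormRequest;

// Added example; names are assumptions, not code from the post.
class StoreCategoryRequest extends FormRequest
{
    /**
     * Runs before rules() are applied, so department_id is still untrusted here.
     */
    public function authorize(): bool
    {
        // Arrays, null and non-numeric strings all become false.
        $id = filter_var($this->input('department_id'), FILTER_VALIDATE_INT);

        // find() returns null instead of throwing ModelNotFoundException.
        $department = $id === false ? null : Department::find($id);

        if ($department === null) {
            // Nothing to authorize against. Pass the request on to validation,
            // where the rules below reject it with a 422 response.
            return true;
        }

        // Assumed policy method: create(User $user, Department $department).
        return $this->user()->can('create', [Category::class, $department]);
    }

    public function rules(): array
    {
        return [
            // Assumed rule set for the label field.
            'label' => ['required', 'string', 'max:255'],
            // Must stay in sync with authorize(): these rules are the only
            // thing that stops a request whose department was not resolved.
            'department_id' => ['required', 'integer', 'exists:departments,id'],
        ];
    }
}
```

With this split, a caller without write permission receives 422 for a non-existent department and 403 for an existing one, so the response code reveals which department ids exist. If that matters, return the same response for both cases.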