I am following Jeffrey Way's laracasts from scratch and he mentions registering the ProjectPolicy.php in AuthServiceProvider.php. However, I tried refreshing my auth page to check on some other account without doing so, and it still works.
This is a weird question because I think I'm wasting time on something which works and I shouldnt be worried about. Below is the code snippet.
Ive tried commenting quite a few LoCs which I thought could be used by the framework to authorize the pages-
ProjectsController.php
public function __construct(){
// $this->middleware('auth');
}
unedited version for the question, here.
show() method in ProjectsController.php
public function show(Project $project, Twitter $twitter)
{
// $twitter = app('twitter');
// dd($twitter);
// abort_if($project->owner_id !== auth()->id(),403);
//abort_unless();
$this->authorize('view',$project);
return view('project.show',compact('project'));
}
ProjectPolicy.php
public function view(User $user, Project $project)
{
return $project->owner_id == $user->id;//works even if I remove this
}// works even if I remove the complete method.
ProjectsController.php
public function show(Project $project, Twitter $twitter)//edited
{
$this->authorize('view',$project);//the authorization is enabled just by this loc.
return view('project.show',compact('project'));
}
I am so confused so as to how this is still working.
How is the framework picking up authorize('view',$project);
even when Im removing the view() method?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire