I created a Laravel policy called "UserPolicy" which is supposed to filter out users that do not have the permission to edit, delete, and update other users. The problem is that I am trying to pass an external user's information to the policy. But instead, it just returns the authenticated users information.
My Policy:
public function edit(?User $user)
{
if(auth()->check()) {
dd($user);
$userpower = auth()->user()->roles()->min('power');
if($userpower <= $user->power) {
return true;
} else {
return false;
}
} else {
return false;
}
}
My Controller:
public function edit(User $user)
{
$this->authorize('edit', $user);
$roles = Role::all();
$user = User::where('steamid', $user->steamid)->with('roles')->first();
return view('manage.includes.users.edit')->with(compact('user', 'roles'));
}
For example, I am the user Bob. I am trying to edit the user, John. As a test, I included the dd() function to dump the $user information that is passing into the Policy. After seeing the results, instead of John's information being passed, it is Bob's. How can I make it where it is John's information and not Bob's.
Thank you for your help, if you need more information please let me know.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire