dimanche 21 février 2016

laravel authorization - allow user to edit own profile

I have 3 user types: admin, teacher, student.

I created a policy manage so that only admins can edit users:

UserController:

$this->authorize('manage', User::class);

UserPolicy:

public function manage($user) {
    return $user->type === 'admin';
}

where $user is the currently authenticated user.

I would like to modify my manage policy so that a User can modify his own profile. I have tried:

UserController:

$this->authorize('manage', User::class, $userToEdit);

UserPolicy:

public function manage($user, $userToEdit) {
    return $user->type === 'admin' || $user->id === $userToEdit->id;
}

but it doesn't work. Any ideas on how to achieve this?



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire