I am trying to implement authorization in Laravel, following this guide.
SubscriptionPolicy:
public function manage($user) {
return in_array($user->type, ['developer', 'admin', 'operations']);
}
SubscriptionController:
public function __construct() {
$this->authorize('manage', Subscription::class);
}
The ability manage is not a method in SubscriptionController. The ability is for authorizing any method in the controller.
In the controllers, everything seems to work fine, i.e. if user is not authorized to add/edit/delete/view a Subscription, user gets a 403.
Now I would like to have certain menu items not show if the user is not authorized. However I can't get the @can directive to work.
@can('manage', Subscription::class)
<li><a href="{{ route('subscriptions.index') }}">Subscriptions</a></li>
@endcan
That is, the menu item is always not shown (authorization always fails).
I am on Laravel 5.1.24
What am I missing?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire