dimanche 27 juin 2021

Laravel Controller update model from different users

In my Laravel application, I have a Model called Project which has, among others, a property called approved_at. There is also a ProjectController, which contains the usual methods *(index, show, create, update, edit...)

Now, the user that created the Project can edit it (modifying its other attributes), but only some "staff" members have the right to approve one.

From what I understand, there can be two ways to handle the approval operation:

  1. Both users, from their respective views (let's call them edit and approve) fire the ProjectController@update method, which will internally distinguish who-can-do-what by means of authorization or policies;
  2. I create a new ProjectApprovalController, with its own update method, and check the authorization at the endpoint (eg, /projects/{id}/approve).

What is the best approach to tackle this behaviour?



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire