I am currently adding permissions/roles/authorization to an Laravel application.
In the application's database are users, companies and products. Companies have many users and a product belongs to a company.
Now I want to authorize company's users, to create a product for their company.
In my ProductController.php I have somethink like this:
public function create(Request $request)
{
$company = Company::findOrFail($request→get('company_id'));
return view('product.create', compact('company');
}
One option, would be to use Gate::authorize() after getting the company and pass the $company to the authorize-method.
Question: But how can I solve this, if I don't want to use Gate::authorize(). So in case I want to use policies?
Another Question: I see several ways to authorize: Gate::authorize(), policies, StoreProduct's authorize(), ... Which one should I use? Should I always implement StoreProduct's authorize() event if I use policies for example?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire