In my Laravel application, I have a Model called `Project` which has, among others, a property called `approved_at`. There is also a `ProjectController`, which contains the usual methods (index, show, create, update, edit...).
Now, the user that created the Project can edit it (modifying its other attributes), but only some "staff" members have the right to approve one.
From what I understand, there can be two ways to handle the approval operation:
- Both users, from their respective views (let's call them `edit` and `approve`) fire the `ProjectController@update` method, which will internally distinguish who-can-do-what by means of authorization or policies;
- I create a new `ProjectApprovalController`, with its own `update` method, and check the authorization at the endpoint (e.g., `/projects/{id}/approve`).
What is the best approach to tackle this behaviour?
via Chebli Mohamed
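
The two options from the question, modelled in plain PHP without Laravel so the sketch runs on its own (an added example, not the poster's code). The `isStaff` flag, `ownerId`, the `title` field and all class and function names are assumptions.

```php
<?php
// Added illustration, not the poster's code. User::$isStaff, Project::$ownerId
// and all function names are assumptions made for this sketch.
final class User {
    public function __construct(public int $id, public bool $isStaff = false) {}
}
final class Project {
    public ?string $approvedAt = null;
    public function __construct(public int $ownerId, public string $title) {}
}
final class ProjectPolicy { // one ability per operation
    public function update(User $u, Project $p): bool { return $u->id === $p->ownerId; }
    public function approve(User $u, Project $p): bool { return $u->isStaff; }
}

// Option 1: one update action shared by both views. Authorization is decided
// per submitted field, before anything is written.
function updateProject(ProjectPolicy $pol, User $u, Project $p, array $in): void {
    $wantsApproval = array_key_exists('approved_at', $in);
    $wantsEdit = array_key_exists('title', $in);
    if ($wantsApproval && !$pol->approve($u, $p)) throw new RuntimeException('403 approve');
    if ($wantsEdit && !$pol->update($u, $p)) throw new RuntimeException('403 update');
    if ($wantsApproval) $p->approvedAt = $in['approved_at'];
    if ($wantsEdit) $p->title = $in['title'];
}

// Option 2: edit never reads approved_at; approval is its own action
// (the /projects/{id}/approve endpoint) and takes no client-supplied value.
function editProject(ProjectPolicy $pol, User $u, Project $p, array $in): void {
    if (!$pol->update($u, $p)) throw new RuntimeException('403 update');
    $in = array_intersect_key($in, ['title' => true]); // allow-list of editable fields
    if (isset($in['title'])) $p->title = $in['title'];
}
function approveProject(ProjectPolicy $pol, User $u, Project $p): void {
    if (!$pol->approve($u, $p)) throw new RuntimeException('403 approve');
    $p->approvedAt = date(DATE_ATOM); // timestamp set server-side
}

// Constructed requests: the owner adds approved_at to an edit, then staff approves.
$pol = new ProjectPolicy(); $owner = new User(1); $staff = new User(2, true);
$p = new Project(1, 'Draft');
$forged = ['title' => 'Final', 'approved_at' => '2024-01-01T00:00:00+00:00'];
try { updateProject($pol, $owner, $p, $forged); }
catch (RuntimeException $e) { echo "option 1: ", $e->getMessage(), "\n"; }
editProject($pol, $owner, $p, $forged);
echo "option 2 edit: title={$p->title} approved=", var_export($p->approvedAt, true), "\n";
approveProject($pol, $staff, $p);
echo "option 2 approve: approved=", $p->approvedAt !== null ? 'yes' : 'no', "\n";
```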