Category: laravel-authorization

I have three Eloquent models for a recipe management application, where User has many cookbooks, a cookbook has many recipes, and so on (see below). To authorize I'm using this policy: public function view(User $user, Recipes $recipe) { return $user->id === $recipe->cookbook->user_id; } Here is the controller: public function show($id) { $recipe = Recipes::find($id); $this->authorize('view', $recipe); ..

I'm building a multi-tenant application using Laravel 8 and Stancl Tenancy V3. I'm trying to log in a user on both the central and tenant databases. Here is my code so far, which works for authenticating a user via the central database and logging them in on the tenant database. How can I log in on both ..

Authorization and authentication flow. Clients: I plan to develop web apps in React/Angular with Apollo Client, a desktop application in Java, and native Android/iOS applications. I want to find a way, following good practices, to understand and implement the flow described above. I use Laravel as the backend server and Lighthouse as the GraphQL server. I have read ..

I am not able to get the permission function working using @can inside Blade. When I add @can in Blade, the div disappears even though the logged-in user has all the permissions. Please help me find what the issue is. Thanks in advance. Added web middleware => App\Http\Middleware\RolePermissionCheck::class, RolePermissioncheck.php <?php namespace App\Http\Middleware; use ..

In order to control authorization I'm using the following: $this->authorize('show', $organization, App\Organization::class); or $this->authorize('show', $garden, App\Garden::class); How do I control the authorization based on both at the same time? In particular, when someone can't get access based on this one, $this->authorize('show', $organization, App\Organization::class); then check the other, $this->authorize('show', $garden, App\Garden::class); and only if that one fails too must the person ..

I'm making an app that uses JWT as the authentication system. When I try to update my Category model, the policy always returns 403 Unauthorized. I'm using apiResource to CRUD my model. My code in api.php: Route::apiResource('category', CategoryController::class); in CategoryController.php: public function update(Request $request, $id) { // print_r($request->all()); $validator = Validator::make( $request->all(), [ 'name' => ..

In ServiceProvider.php I have set this code: public function boot() { $this->registerPolicies(); Gate::define('isSuperAdmin', function ($user) { return $user->role_id === 1; }); Gate::define('isAdmin', function ($user) { return $user->role_id === 2; }); Gate::define('isAuthor', function ($user) { return $user->role_id === 3; }); Gate::define('isUser', function ($user) { return $user->role_id === 4; }); Passport::routes(); } and in the Blade file I ..

As per the official Laravel documentation, if the after callback returns a non-null result, that result will be considered the result of the check. But when I declare an after callback and overwrite the value as false, it still returns the previous value. What am I missing? How do I override the value in Gate::after? Gate::define('edit-settings', function ..

I have an index method in the controller like this: public function index() { $this->authorize('index', Contact::class); …. } and an index method in ContactPolicy: public function index() { return Auth::user()->can('view_Contact'); } and a test method like this: /** @test */ public function a_user_without_permission_can_not_see_contacts() { $this->login(['no_permission']); $this->get('/contacts') ->assertStatus(403); } When I run my test it shows me this error: 1) Tests\Feature\AccountTest::a_user_without_permission_can_not_see_contacts ..

I have an update method like this: public function update(Contact $contact) { $this->authorize('ownItems', $contact); …… } and ContactPolicy: public function ownItem(User $user, Contact $contact) { return true; } It works correctly, but when I replace Contact with ContactRequest in my update method it shows me this: 403 This action is unauthorized. update method: public function ..
