Permissions Controller Around User Own Objects

[devajmeireles]

Hi, everyone!

Using spatie/laravel-permissions can I find the same behavior as Laravel Gates in the sense of only allowing a "post" to be edited if the user is actually the owner of the post?

[drbyte]

Yes, for that you use Laravel Policies.

You can define your policy logic (in the policy class methods) as combinations of any rules you need to enforce. So that could be checking roles/permissions, and checking model properties, and checking any other information needed, before returning true/false to authorize the requested operation.

To be clear: this package only provides the relationships between roles/permissions and users, and an API to check for those. All the stuff you mention is "implementation details" of your app, and you can simply call this package's API methods in order to access the information it provides ... and mixing that with whatever the rest of your app logic requires.

[devajmeireles]

Let me see if I understand.

If I wanted to check if the user is the owner of a post, would it be correct to use Laravel Policy or could I use Spatie Permission and with it I would be able to call a Laravel Policy rule?

Thank you for your cooperation.