Tags: php, laravel, laravel-5, laravel-5.8, laravel-authorization

Laravel 5.8 send parameters to authorize method FormRequest Class


I have update and store methods like this:

/**
 * Update a contact, but only for a user who holds the 'edit_contact' permission.
 *
 * NOTE(review): Auth::user() is null for an unauthenticated visitor, so this
 * presumably relies on the route sitting behind the auth middleware — confirm.
 */
public function update(ContactRequest $request)
{
    // Deny first, so the permitted path is the only one that reaches the update.
    if (! Auth::user()->can('edit_contact')) {
        return $this->accessDenied();
    }

    // As written in the question, the result of update() is not returned.
    $request->update();
}
/**
 * Store a contact, but only for a user who holds the 'add_contact' permission.
 *
 * NOTE(review): Auth::user() is null for an unauthenticated visitor, so this
 * presumably relies on the route sitting behind the auth middleware — confirm.
 */
public function store(ContactRequest $request)
{
    // Deny first, so the permitted path is the only one that reaches the store.
    if (! Auth::user()->can('add_contact')) {
        return $this->accessDenied();
    }

    // As written in the question, the result of store() is not returned.
    $request->store();
}

and authorize in FormRequest class

/**
 * Decide whether the current request may proceed.
 *
 * @return bool result of the 'test' gate for the route's 'contact' parameter
 */
public function authorize()
{
    // The 'contact' route parameter is what the 'test' ability is checked against.
    $contact = $this->route('contact');

    return \Gate::allows('test', $contact);
}

I want to pass permission name to authorize method like this:

/**
 * Form the question asks for: authorize against a caller-supplied permission name.
 *
 * NOTE(review): the controller code on this page passes the name to update()/store(),
 * not to authorize(), so nothing visible here supplies $permissionName — treat this
 * as the desired shape, not as working code.
 *
 * @param  string  $permissionName  permission the current user must hold
 * @return bool|null  the 'test' gate result, or null when the permission is missing
 */
public function authorize($permissionName)
{
    $holdsPermission = Auth::user()->can($permissionName);

    if ($holdsPermission) {
        return \Gate::allows('test', $this->route('contact'));
    }
    // No explicit return on this path: a user without the permission yields null.
}

and in controller like this

/**
 * Desired controller form from the question: forward the permission name
 * to the request instead of checking it here.
 */
public function update(ContactRequest $request)
{
    // No permission check happens in this method; the name is only passed along.
    $permission = 'edit_contact';

    $request->update($permission);
}
/**
 * Desired controller form from the question: forward the permission name
 * to the request instead of checking it here.
 */
public function store(ContactRequest $request)
{
    // No permission check happens in this method; the name is only passed along.
    $permission = 'add_contact';

    $request->store($permission);
}

Solution

  • You have 3 options:

    1. Change your authorization method to this:

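      /**
       * Authorize the request: the user needs the permission that matches the
       * controller action, and must also pass the 'test' gate for the contact.
       *
       * @return bool
       */
      public function authorize()
      {
          $user = $this->user();

          // Fail closed for guests: user() is null when nobody is authenticated,
          // and calling can() on null would be a fatal error instead of a denial.
          if ($user === null) {
              return false;
          }

          // Only 'store' maps to add_contact; every other action that type-hints
          // this request (not just 'update') is checked against edit_contact.
          $permission = $this->route()->getActionMethod() === 'store'
              ? 'add_contact'
              : 'edit_contact';

          // NOTE(review): on a route without a 'contact' parameter, route('contact')
          // yields null — confirm the 'test' ability is written to handle that.
          return $user->can($permission)
              && \Gate::allows('test', $this->route('contact'));
      }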
      
    2. Make the request's authorize method return true, and check authorization by defining another gate and calling it in your controller:

      /**
       * Let every request through at the FormRequest level.
       *
       * With this returning true the request class enforces nothing itself, so each
       * controller action that accepts it has to make its own gate or policy check;
       * an action that omits that check is left without authorization.
       *
       * @return bool always true
       */
      public function authorize()
      {
          return true;
      }
      
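      // Combined check: the named permission plus the 'test' ability on the contact.
      // The closure receives only $user and $permissionName and captures nothing with
      // use(), so a bare $request would be undefined here; the current request is
      // taken from the request() helper instead.
      Gate::define('modify_contact', function ($user, $permissionName) {
          // NOTE(review): on a route without a 'contact' parameter, route('contact')
          // yields null — confirm the 'test' ability is written to handle that.
          return $user->can($permissionName)
              && $user->can('test', request()->route('contact'));
      });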
      
      /**
       * Update action: runs the 'modify_contact' gate with the edit permission
       * before any of the action's own work.
       */
      public function update(ContactRequest $request)
      {
           // Gate::authorize() throws when the check fails, so the code below it
           // does not run for a denied user.
           $permission = 'edit_contact';
           Gate::authorize('modify_contact', $permission);
           //...
      }
      /**
       * Store action: runs the 'modify_contact' gate with the add permission
       * before any of the action's own work.
       */
      public function store(ContactRequest $request)
      {
           // Gate::authorize() throws when the check fails, so the code below it
           // does not run for a denied user.
           $permission = 'add_contact';
           Gate::authorize('modify_contact', $permission);
           //...
      }
      
    3. Define and use a policy in the same way, and pass your arguments to it.