When using a full page livewire component, is it sufficient to put the authorization in the route, or should you also have authorization in the component class itself?
For example I have a route such as this:
Route::middleware(['can:business.create'])->get('create',\App\Http\Livewire\Business\Create::class)->name('business.create');
In this route we use the "can:" middlewire to check if the user has the "business.create" permission.
Do I need to put any $this->authorize() into the function mount on my Business livewire component?
For example:
use AuthorizesRequests;
public function mount(){
$this->authorize('can', 'business.create');
}
To me this looks redundant and unnecessary, but I'm not sure how the livewire behind-the-scenes api works, and if someone can hit the api backend directly and skip the route file middlewire?
I would highly recommend to use it inside the mount() because livewire is meant to be used as components, resuable components.
This way you won't have to repeat the middleware logic for both the route files.