I'm following this tutorial https://learn2torials.com/a/laravel-authentication-based-on-roles.
Works fine and very simple to implement, but I'd like hide some routes for admin roles, so I need to implement permissions, like 'can_view', 'can_update' etc. I read something about Gates and Policy but I'm still confused.
Is a simple way for extends this tutorial? I'd like to avoid using package Spatie/Permissions.
thanks in advance!
You can resolve this easily using Policies.
Just create the a file in the app\Policies folder
, with your policy definition:
<?php
namespace App\Policies;
use App\Models\User;
use App\Models\Expedient;
class ExpedientPolicy
{
/**
* Editing allowed for the person in charge of an open expedient
* @param \App\Models\User $user
* @param \App\Models\Expedient $expedient
* @return bool
*/
public function editExp(User $user, Expedient $expedient) {
return (!$expedient->exp_close && ($expedient->responsible == $user->id));
}
}
And register it in app\Providers\AuthServiceProvider.php
:
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
Expedient::class => ExpedientPolicy::class,
];
Now you can use this policy with
@can('editExp', $expedient)