Search code examples
laravelpermissionsroles

Laravel Permissions without package

I'm following this tutorial https://learn2torials.com/a/laravel-authentication-based-on-roles.

Works fine and very simple to implement, but I'd like hide some routes for admin roles, so I need to implement permissions, like 'can_view', 'can_update' etc. I read something about Gates and Policy but I'm still confused.

Is a simple way for extends this tutorial? I'd like to avoid using package Spatie/Permissions.

thanks in advance!

Solution

  • You can resolve this easily using Policies.

    Just create the a file in the app\Policies folder, with your policy definition:

    <?php

namespace App\Policies;

use App\Models\User;
use App\Models\Expedient;

class ExpedientPolicy
{
  /**
    * Editing allowed for the person in charge of an open expedient
    * @param  \App\Models\User       $user
    * @param  \App\Models\Expedient  $expedient
    * @return bool
    */
  public function editExp(User $user, Expedient $expedient) { 
    return (!$expedient->exp_close && ($expedient->responsible == $user->id));
  }
}

    And register it in app\Providers\AuthServiceProvider.php:

        protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        Expedient::class => ExpedientPolicy::class,
    ];

    Now you can use this policy with

    @can('editExp', $expedient)