Laravel: How can I write a policy class for API methods on a nested resource controller?


I have a many to many relationship that I'm working with between User and Task models. A user belongs to many tasks and a task belongs to many users. I have a pivot table called task_user.

In my API, I have a route defined as follows:

Route::get('/users/{user}/tasks', 'TaskUserController@all');

I want to write a policy to enforce that the currently logged in user, auth()->user, is the user being requested in the route. Basically, a user can only view their own tasks.

How can I write a policy class for the nested resource controller TaskUserController?


mrhn On BEST ANSWER

Nesting of your resource has nothing to do with making policies.

Make your UserPolicy.

<?php
namespace App\Policies;
use App\Models\User;

class UserPolicy
{
    // Allow viewing only when the authenticated user is the user in the route.
    public function view(User $authorizedUser, User $user): bool {
        return $authorizedUser->is($user);
    }
}

In your controller, you can authorize the action with the authorize() helper. Alternatively, it can be executed in your form request with Auth::user()->can().

<?php
namespace App\Http\Controllers;
use App\Models\User;

class TaskUserController extends Controller // base Controller provides authorize()
{
    public function all(User $user) {
        // Runs UserPolicy::view(auth()->user(), $user); a false result is rendered as 403.
        $this->authorize('view', $user);

        return $user->tasks;
    }
}
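A feature test that checks the policy really fences the nested route, added here as an example rather than code from the question or the answer. It assumes Laravel's default layout (App\Models\User, App\Models\Task, App\Policies\UserPolicy found by policy auto-discovery), the route from the question registered in routes/api.php behind the auth:sanctum middleware, a belongsToMany tasks() relation on User over the task_user pivot, and model factories for both models.

```php
<?php
// Added example (not from the question or answer). Assumes: default App\Models
// namespaces, UserPolicy auto-discovered, the route in routes/api.php behind
// auth:sanctum, User::tasks() as belongsToMany over task_user, and factories.
namespace Tests\Feature;
use App\Models\Task;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class UserTasksPolicyTest extends TestCase
{
    use RefreshDatabase;

    public function test_owner_can_list_own_tasks(): void
    {
        $owner = User::factory()->create();
        $task  = Task::factory()->create();
        $owner->tasks()->attach($task); // row in the task_user pivot table

        $this->actingAs($owner)
            ->getJson("/api/users/{$owner->id}/tasks")
            ->assertOk()
            ->assertJsonFragment(['id' => $task->id]);
    }

    public function test_other_user_is_forbidden(): void
    {
        $owner    = User::factory()->create();
        $intruder = User::factory()->create();
        $owner->tasks()->attach(Task::factory()->create());

        // UserPolicy::view() returns false, $this->authorize() throws an
        // AuthorizationException, and the JSON handler renders it as 403.
        $this->actingAs($intruder)
            ->getJson("/api/users/{$owner->id}/tasks")
            ->assertForbidden();
    }

    public function test_guest_is_unauthenticated(): void
    {
        $owner = User::factory()->create();
        // The auth middleware rejects the request before the policy runs; even
        // without it, a null user is denied since the first parameter is non-nullable.
        $this->getJson("/api/users/{$owner->id}/tasks")->assertUnauthorized();
    }
}
```

The second test is the one worth keeping in CI: if someone later swaps `$this->authorize('view', $user)` for a check on the wrong model, the 403 disappears and the test fails.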