Permissions and roles visible for any kind of user role

[Roby-Wan-Kenobi]

While any other resource type works fine, permissions and roles are visible and editable for any user role type. What am I doing wrong?

[Roby-Wan-Kenobi]

Added this in the AuthServiceProvider:

use App\Policies\PermissionPolicy;
use App\Policies\RolePolicy;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The model to policy mappings for the application.
     *
     * @var array<class-string, class-string>
     */
    protected $policies = [
        Role::class => RolePolicy::class,
        Permission::class => PermissionPolicy::class,
    ];
}

and added the policies

namespace App\Policies;

use App\Models\User;
use Spatie\Permission\Models\Permission;

class PermissionPolicy
{
    /**
     * Determine whether the user can view any models.
     */
    public function viewAny(User $user): bool
    {
        return $user->isSuperAdmin();
    }

 ...

but I think there must be a better and more clean solution

[abetterlogic]

How to make these changes in laravel 11

[drbyte]

How to make these changes in laravel 11

Laravel 10 way: https://laravel.com/docs/10.x/authorization#registering-policies Laravel 11 way: https://laravel.com/docs/11.x/authorization#registering-policies