Closed Synchro closed 3 years ago
Simply passing in 'id'
should work:
Bouncer::ownedVia(User::class, 'id');
Thanks
Hi,
Where should I put this code and how to check the permission.
My code is as following:
Bouncer::allow($user)->toOwn(User::class)->to(['read', 'update']);
And when checking in the authorization:
Bouncer::can('update', User::class);
The authorization always return false unless I set only_owned to false within abilities table which is not ideal because I don't want the user to edit others.
Thanks in advanced.
In your AppServiceProvider
's boot
method, add this line:
Bouncer::ownedVia(User::class, 'id');
Thanks @JosephSilber ,
I added that to the ServiceProvider and also adjust the authorize method in the controller to request()->user()->can('update', $user)
and it works for me.
Thanks again!
I want users to be treated as owners of their own records, so they can edit their own data but not anyone else's. How should I assign this ability? I'm currently looking at:
or is there some shortcut, as I'd imagine this is a common requirement?