lrljoe
commented
2 years ago Ensure that you have Created an OwnedBy rule Created an Ability for OwnedBy only Crested an ability for everything ( no owned constraint) Assigned users those abilities.
Open mojosef opened 2 years ago
lrljoe
commented
2 years ago Ensure that you have Created an OwnedBy rule Created an Ability for OwnedBy only Crested an ability for everything ( no owned constraint) Assigned users those abilities.
JosephSilber
commented
2 years ago You have to first tell Bouncer that users may own leads:
Bouncer::allowEveryone()->toOwn(Lead::class);
Hi,
I've been struggling with this is issue all day and looking for a lifeline if possible.
Currently, I have one ability 'view-all-clients'. If a user doesn't have this, they can only see clients that they own. The clients table ('leads') has a column 'assigned_to' which links to the user.
In my
AppServiceProvider.phpboot method, I have the below:public function boot() { Bouncer::ownedVia(Lead::class, 'assigned_to'); }Calls to
@can('view-all-clients', $model)return false and$this->authorize('view-all-clients', $lead)throws a 403, when theusers.id === leads.assigned_to.Can anyone shed any light here? Regardless of the ability, the ownedVia should override?
My abilities table:
INSERT INTOabilities(id,name,title,entity_id,entity_type,only_owned,options,scope,created_at,updated_at) VALUES ('2', 'view-all-clients', 'View all clients leads', NULL, 'App\\Clients\\Lead', '0', NULL, NULL, '2022-07-11 16:01:27', '2022-07-11 16:01:27');Thanks in advance.