sehrgutesoftware / laravel5-api

A modular controller for exposing Laravel 5 Eloquent models as a REST API
https://packagist.org/packages/sehrgut/laravel5-api
MIT License
13 stars 2 forks

Authorization Plugin #11

Closed mohanklein closed 7 years ago

mohanklein commented 7 years ago

I removed AuthorizeAction calls for single resource methods such as show() which also have an AuthorizeResource call. Otherwise there would be problems with Policy definitions for methods like index() which don't have a single resource but would have to because the policy would be called two times. Please give me feedback if this makes sense to you.

For the moment, if you add the Authorization plugin to your controller, every method that doesn't have a policy defined will throw an Unauthorized Exception. This means that if you use the plugin and you have methods that should be accessible to anyone without authorization, you must define policy methods for these which simply return true. Is this our desired behavior?

jsphpl commented 7 years ago

@mohanklein is it intentional to call Gate::forUser(…)->denies(…) in one hook and $user->cant(…) in the other?

mohanklein commented 7 years ago

@jsphpl I thought that the denies method would need a single resource, which seems to be wrong ... got confused by the Laravel docs