Laravel AuthorizeResource for Resource Controllers

I was always so lazy to introduce policies and I always add the gate verification in the controller.. but right, it is cleaner and easier.. already clean up 2 controllers for an opensource project I'm doing in Laravel :) TOP!

rickys.

You should ensure your [resource is created using the `--model` flag so that it has the required method signatures and type hints: Otherwise you meet 403 code on http tests. And if you name resource controller in plural, according to Spatie rules (TasksController) then second parameter of authorizeResource method should 'tasks'

nikza

Interesting approach, previously I always used the middleware('permission:....') in the construct. Maybe I should get started with the policies.

bloglives

Hi!
I guess the best way to put policies into Request classes. Laravel by default gives you authorize method.
Simply create a Request Class, eg. TasksIndexRequest, and load it into your public function index(TasksIndexRequest $request) into the controller.
And in authorize method call policy/gate/any other code you want. For example:
public function authorize()
{
return auth()->user()->can('list', Task::class);
}

falconik

i prefer using form request classes on every endpoint and using the authorize method in those because you may have additional endpoint specific logic and still able to keep it out of the controller and authorization related stuff stays in a consistent place

itsmillrtime

It's a good tip for a cleaner and readable code! 👏

mateussantana

Is it still compatible in Laravel 11. I tried to cal it in the controller and it returns error

faridnubaili

Is there a recommand way to populate a database?
I know migration can do it, but if I am not mistaking, it is a "hack", no ?

jeremiebergeron

I dont like this way to do that, its not clear, short its not always the best solution

sorry

Hello sir, I hope you are doing well. I have faced a problem. I have two tables (properties and status) and I want many to many relationships between them because I want to track which user changes the status and how many times status changes in a property. So, I made a pivot table called 'peroperty_status'.

Now,

Table - properties

id - name - employment_type
1 - Property 1 - basic
2 - Property 2 - commission
3 - Property 3 - basic


Table - statuses

id - name
1 - Complete
2 - Pending
3 - Rejected
4 - Missing Document

Table - property_status

property_id - status_id - user_id
1 - 2 - 1
1 - 4 - 2
1 - 1 - 1

2 - 2 - 1
2 - 4 - 2
2 - 3 - 1

3 - 2 - 1
3 - 4 - 2

You can see, Every property has status 4, but in (1, 2) has status (1, 3) after 4, but in property 3 latest status is 4.

So, I want two show all properties which have the latest status 4

I wrote a query :
$properties = Property::query()->whereHas('statuses', function ($q) {
return $q->where(['statuses.id' => 4]);
})->take(20)->get();

But, It's retrieved all the record which has status 4, it doesn't matter whether the status is the latest or oldest, And yeah this is expected behavior.

So, I want to query all the properties which have only the latest status 4

By the way, I did a solution by adding a new field called is_active in the pivot, but for this have to write more code in every time, You know when new status attach, I have to make the status false to the previous record.

Thanks in advance, I know that you will gonna help me. Because You already did to me many times.

bmtamim