Martinkovic

Martinkovic

Member Since 1 Year Ago

Experience Points 4,770
Experience Level 1

230 experience to go until the next level!

In case you were wondering, you earn Laracasts experience when you:

  • Complete a lesson — 100pts
  • Create a forum thread — 50pts
  • Reply to a thread — 10pts
  • Leave a reply that is liked — 50pts
  • Receive a "Best Reply" award — 500pts
Lessons Completed 47
Lessons
Completed
Best Reply Awards 0
Best Reply
Awards
  • start-engines Created with Sketch.

    Start Your Engines

    Earned once you have completed your first Laracasts lesson.

  • first-thousand Created with Sketch.

    First Thousand

    Earned once you have earned your first 1000 experience points.

  • 1-year Created with Sketch.

    One Year Member

    Earned when you have been with Laracasts for 1 year.

  • 2-years Created with Sketch.

    Two Year Member

    Earned when you have been with Laracasts for 2 years.

  • 3-years Created with Sketch.

    Three Year Member

    Earned when you have been with Laracasts for 3 years.

  • 4-years Created with Sketch.

    Four Year Member

    Earned when you have been with Laracasts for 4 years.

  • 5-years Created with Sketch.

    Five Year Member

    Earned when you have been with Laracasts for 5 years.

  • school-session Created with Sketch.

    School In Session

    Earned when at least one Laracasts series has been fully completed.

  • welcome-newcomer Created with Sketch.

    Welcome To The Community

    Earned after your first post on the Laracasts forum.

  • full-time-student Created with Sketch.

    Full Time Learner

    Earned once 100 Laracasts lessons have been completed.

  • pay-it-forward Created with Sketch.

    Pay It Forward

    Earned once you receive your first "Best Reply" award on the Laracasts forum.

  • subscriber-token Created with Sketch.

    Subscriber

    Earned if you are a paying Laracasts subscriber.

  • lifer-token Created with Sketch.

    Lifer

    Earned if you have a lifetime subscription to Laracasts.

  • lara-evanghelist Created with Sketch.

    Laracasts Evangelist

    Earned if you share a link to Laracasts on social media. Please email [email protected] with your username and post URL to be awarded this badge.

  • chatty-cathy Created with Sketch.

    Chatty Cathy

    Earned once you have achieved 500 forum replies.

  • lara-veteran Created with Sketch.

    Laracasts Veteran

    Earned once your experience points passes 100,000.

  • 10k-strong Created with Sketch.

    Ten Thousand Strong

    Earned once your experience points hits 10,000.

  • lara-master Created with Sketch.

    Laracasts Master

    Earned once 1000 Laracasts lessons have been completed.

  • laracasts-tutor Created with Sketch.

    Laracasts Tutor

    Earned once your "Best Reply" award count is 100 or more.

  • laracasts-sensei Created with Sketch.

    Laracasts Sensei

    Earned once your experience points passes 1 million.

  • top-50 Created with Sketch.

    Top 50

    Earned once your experience points ranks in the top 50 of all Laracasts users.

04 Jun
1 year ago

Martinkovic left a reply on Applying Authorisation Policy For Nested Resource

@martinbean thank you for your effort, unfortunately i think that we don't understand each other.

As I said:

I want to apply policy only to index method

And as you also stated:

This will deny any route if the user can edit the requested question, no matter what route you hit.

I want to apply "owner" policy only to index method of QuestionAnswerController. I also got there other methods such as store and destroy. For example I want to store answers to question naturally no matter if you are owner of the question or not and your proposed middleware will block such action. I tried to apply ->only(['index']) method on middleware and it worked. However this is not what i wanted to achieve. With limitation of middleware into only index() method it's the same as calling $this->authorize() inside of index method, what I'm already doing.

So again, my main question is if it's semantically better to associate this authorisation logic with question or answer model.

Please let me know if my original question is stated in some misunderstanding way so I can clarify it and maybe edit it also for other users of this forum that can find this conversation helpful.

Martinkovic left a reply on Applying Authorisation Policy For Nested Resource

@martinbean thanks for pointing out these options as well, I didn't know about them. However, I want to apply policy only to index method so this will probably not help me. I am more interested in the right way (or best practice) how to handle this particular situation. If it makes sense to map policy to question or to answer model.

Martinkovic started a new conversation Applying Authorisation Policy For Nested Resource

Hi,

I'm listing answers to specific question by this route: GET api/question/{question}/answer . Currently, I am trying to apply policy that will ensure that only owner of the question can list respective answers to it.

I've managed to implement this policy by assigning it to answer model in AuthServiceProvider. However I'm wondering if it should be assigned to answer or to question model. For example there is situation when there are no answers to the question and policy authorisation is based on retrieval of question_id and respective owner_id from relations with answers, but when there is no answer, my answer policy is unable to retrieve and validate these ids and therefore throws action unauthorised exception.

If the policy will be assigned to question model there will be no such problem, however I'm not sure if it's semantically correct to assign it to question model when I want to check rights to indexing of answers and not questions.

Chunks of related code:

index method:

public function index(Question $question){
    $this->authorize('index',$question->answers()->first());

    return QuestionAnswerResource::collection($question->answers);
}

AnswerPolicy:

public function index(User $user, QuestionAnswer $answer)
    {
        $campaign = Campaign::find($answer->question->campaign_id);

        return $user->id == $campaign->user->id;
    }

Thanks!