I'm having issues with Laravel's @can directive. The Policy is registered and I have checked that it works. Its purpose is to allow only owners or those with a role of "Admin" of a Post to be able to access the "Edit" Form of a post and update that post.
Manually navigating to the URL as the Post owner or Admin shows that the policy is working as it should. However, using @can within the View file, the link that it is supposed to output does not appear at all.
Here's the Policy:
<?php

namespace App\Policies;

use App\User;
use App\Posts;
use Auth;
use Illuminate\Auth\Access\HandlesAuthorization;

class PostsPolicy
{
    use HandlesAuthorization;

    /**
     * Allow the action when the user is an admin or owns the post.
     *
     * @return bool|null true when allowed; falls through (null) otherwise
     */
    public function owns_post(User $user, Posts $post)
    {
        if ($user->isAdmin() || $user->owns($post)) {
            return true;
        }
    }
}
Essentially, if the user is an admin or if they own the post, allow them access to it.
This is it being registered within AuthServiceProvider:
protected $policies = [
    \App\Posts::class => \App\Policies\PostsPolicy::class,
];
This is the code from the model (User.php) from where the "owns" and "isAdmin" come from:
public function owns($related)
{
    return $this->id === $related->user_id;
}

// Check if user is an Admin.
public function isAdmin()
{
    return in_array(1, $this->roles()->pluck('roles_id')->all());
}
This is the controller:
// Show the Post
public function show($id)
{
    $post = Posts::findOrFail($id);
    return view('posts.show', compact('post'));
}
and finally this is the view:
@extends('layouts.app')

@section('content')
<div class="col-md-8 col-md-offset-2">
    <div class="col-md-10 col-md-offset-1">
        <div class="panel-heading">
            <h2>{{$post->title}}</h2>
            @can('owns_post')
                <a href="{{ route('posts.edit', $post->id) }}">Update Posts</a>
            @endcan
        </div>
        <div class="panel-body">
            <p>{{$post->body}}</p>
        </div>
    </div>
</div>
@endsection
As you can see from the view, @can('owns_post') does not output the "Update Posts" link as I would like it to. Which is a tad strange, as anyone who is either an admin or owner of the post can actually edit the post and those who are NOT Admin or at the very least Owners of the Post are not allowed access.
Thank you
Best regards
Friaku
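
A stand-alone PHP 8 sketch of why the ability check in the view above is denied while the edit URL is still enforced correctly, added here as an example and not code from the post or from Laravel. It assumes Laravel's documented behaviour that a policy is selected from the class of the first argument passed to the check, and that no `Gate::define('owns_post')` closure exists; `MiniGate` and the `admin` flag on `User` are hypothetical simplifications, and the sample users and post are constructed.

```php
<?php
// Added example: MiniGate is a hypothetical stand-in, not Laravel's Gate class.
declare(strict_types=1);

final class User {
    public function __construct(public int $id, public bool $admin = false) {}
}

final class Posts {
    public function __construct(public int $id, public int $user_id) {}
}

final class PostsPolicy {
    // Same rule as the question's policy: admins and the owner pass.
    public function owns_post(User $user, Posts $post): bool {
        return $user->admin || $user->id === $post->user_id;
    }
}

final class MiniGate {
    /** @param array<string, string> $policies model class => policy class */
    public function __construct(private array $policies) {}

    public function check(User $user, string $ability, mixed ...$arguments): bool {
        $model = $arguments[0] ?? null;
        $policyClass = is_object($model) ? ($this->policies[$model::class] ?? null) : null;
        if ($policyClass === null) {
            return false; // nothing identifies a policy, so the check is denied
        }
        $policy = new $policyClass();
        return method_exists($policy, $ability)
            && (bool) $policy->$ability($user, ...$arguments);
    }
}

// Constructed sample data.
$gate = new MiniGate([Posts::class => PostsPolicy::class]);
$post = new Posts(id: 1, user_id: 7);
$cases = ['owner' => new User(7), 'admin' => new User(2, true), 'other' => new User(8)];

foreach ($cases as $label => $user) {
    printf("%-5s  without model: %-5s  with model: %s\n",
        $label,
        var_export($gate->check($user, 'owns_post'), true),
        var_export($gate->check($user, 'owns_post', $post), true));
}
```

In Blade the model is passed as the second argument, `@can('owns_post', $post)`. The directive only controls whether the link is rendered; the check on the edit and update routes is what enforces access.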