mateoo88

Authorization by guards

In one part of my application, I use a guard named 'temporary' for user authorization. Now, I have a small issue when it comes to authorization using a Policy.

Here is a snippet of my Policy:

    public function delete(TemporaryUsers $user, FreeDaysAbsenceRequest $freeDaysAbsenceRequest): bool
    {
        //dd($user->id, $freeDaysAbsenceRequest->user_id, $freeDaysAbsenceRequest->status);
        return $user->id === $freeDaysAbsenceRequest->user_id && $freeDaysAbsenceRequest->status === 'open';
    }

Now, when I want to use it as usual in the controller (dd is only for my test):

    public function destroy(FreeDaysAbsenceRequest $userRequest)
    {
        $this->authorize('delete', $userRequest);
        dd($userRequest);
    }

or in the blade using @can('delete', $userRequest), I get an error:

    App\Policies\FreeDaysTemporaryUserPolicy::delete(): Argument #1 ($user) must be of type App\Models\TemporaryUsers, App\Models\User given

I found a solution that works, but I want to ask if it is allowed and correct.

In blade:

    @if(Auth::guard('temporary')->user()->can('delete', $userRequest))

In the controller:

    public function destroy(FreeDaysAbsenceRequest $userRequest)
    {
        $user = Auth::guard('temporary')->user();
        if (!$user->can('delete', $userRequest)) {
            abort(403, 'You are not authorized to delete this request');
        }
        //$this->authorize('delete', [$user, $userRequest]);
        dd($userRequest);
    }

Do you have any other suggestions on how to resolve the authorization issue for users logged in through a guard?

1 like
1 reply
martinbean

@mateoo88 If the user is authenticated using a guard other than the default then yes, you will need to explicitly specify it, otherwise the gate will just try and resolve the user using the default guard.

2 likes
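
An added example (not code from either poster) of the explicit-guard check the answer describes, using Laravel's `authorizeForUser()` and failing closed when the 'temporary' guard has no user. The controller class name and the delete-and-redirect ending are assumptions; the guard, models and policy are the ones named in the thread.

```php
<?php
// Added example: controller name and the final delete/redirect are assumptions.

namespace App\Http\Controllers;

use App\Models\FreeDaysAbsenceRequest;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Auth;

class FreeDaysAbsenceRequestController extends Controller
{
    // Provides authorize() and authorizeForUser().
    use AuthorizesRequests;

    public function destroy(FreeDaysAbsenceRequest $userRequest): RedirectResponse
    {
        // Resolve the user from the non-default guard explicitly, so the
        // gate never falls back to App\Models\User from the default guard.
        $user = Auth::guard('temporary')->user();

        // Fail closed: without a 'temporary' session, deny with 403 rather
        // than calling a method on null.
        abort_if($user === null, 403);

        // Calls FreeDaysTemporaryUserPolicy::delete() with the TemporaryUsers
        // model as argument #1 and throws AuthorizationException (rendered
        // as HTTP 403) when the policy returns false.
        $this->authorizeForUser($user, 'delete', $userRequest);

        $userRequest->delete();

        return back();
    }
}
```

If the route is protected by the `auth:temporary` middleware, that middleware makes `temporary` the default guard for the rest of the request, so plain `$this->authorize()` and `@can` then resolve the same user.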
