I am also looking for the same.
How to specify policy for permissions using Spatie on Laravel 5.4 API
Currently I'm developing a small API of common resources like messages, images, etc. (using Laravel 5.4 for the backend and a vue-cli frontend), which belong to only one user, and I'm trying to implement roles and permissions in the following way:
- Users who belong to the Client role may only edit or delete content which belongs to them.
- Users who belong to the Staff role may edit content which belongs to Client role users but not delete it.
I understand that I can achieve my goal by specifying an authorize() method on FormRequests, using queries like:
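```php
public function authorize()
{
    // Load the comment named by the {comment} route parameter.
    $comment = Comment::find($this->route('comment'));

    // Deny when it does not exist; otherwise defer to the 'update' ability.
    return $comment && $this->user()->can('update', $comment);
}
```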
But since I'm using Spatie to manage ACL concerns, I would like to know if it's possible to also specify this kind of restriction using its ways. I read through the documentation and understand how to create, assign and delete roles and permissions, but I could not find anywhere where to specify these policies.
Since I'm not using Blade or Laravel at all to provide the user with an interface where I could just use gate/guards to show or hide forms, I'm quite lost.
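One way to express the two rules described in the question, as an added example that is not part of the original post or of the Spatie package: a Laravel policy that combines Spatie's `hasRole()` with an ownership check. The file location, the role names "Client" and "Staff", the `user_id` column and the `user` relation on `Comment` are assumptions.

```php
<?php
// Added example (hypothetical file app/Policies/CommentPolicy.php).
// Assumptions: App\User uses Spatie's HasRoles trait, the roles are named
// "Client" and "Staff", and Comment has a user_id column and a user() relation.
// Register it in AuthServiceProvider::$policies as
//     Comment::class => CommentPolicy::class
// so that $this->user()->can('update', $comment) in a FormRequest reaches it.

namespace App\Policies;

use App\Comment;
use App\User;

class CommentPolicy
{
    // Clients may edit their own comments; Staff may edit comments owned by Clients.
    public function update(User $user, Comment $comment)
    {
        if ($user->hasRole('Client') && $this->owns($user, $comment)) {
            return true;
        }

        return $user->hasRole('Staff') && $this->ownerIsClient($comment);
    }

    // Only the owning Client may delete; Staff never pass this check.
    public function delete(User $user, Comment $comment)
    {
        return $user->hasRole('Client') && $this->owns($user, $comment);
    }

    private function owns(User $user, Comment $comment)
    {
        // Cast both sides: some database drivers return ids as strings.
        return (int) $comment->user_id === (int) $user->id;
    }

    private function ownerIsClient(Comment $comment)
    {
        // An orphaned comment (owner deleted) is treated as not editable by Staff.
        $owner = $comment->user;

        return $owner !== null && $owner->hasRole('Client');
    }
}
```

Because the check runs in the policy on the server, it applies to every API request regardless of what the Vue frontend shows or hides.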