5 months ago

Laravel Blade, Vue and Authorisation

Posted 5 months ago by pom

The more I research how to handle authorisation with Laravel and Vue the more confusing it gets. I'm not creating a SPA so I've got a mixture of Laravel with a bunch of Vue components. The simplest solution I've come across (with my own spin on it) is below. The problem is it seems too easy compared to some of the more complex solutions I've come across. Could this work? Are there any obvious issues that I haven't realised?

<parent-component :can="{ Auth::user()->can('delete', $model) }"></parent-component>
    <button v-if="$attrs.can">Delete</button>

My initial thought was someone could just update the 'can' variable to allow access

$vm0.$sttrs.can = 1

Then I remembered you won't have access to the ViewModel (VM) instance once 'dev' mode is disabled. Plus, there will still be authorisation logic on the Laravel backend. It just seems too simple. Thanks.

Please sign in or create an account to participate in this conversation.