sididev's avatar

Laravel comment policy not working

Hello, I am using inertia JS. I created a forum where you can manage your posts and comments (CRUD).

Normally, the one who can modify or delete his post or comment is the one who created it and the administrator.

I was able to set up a policy for the post but for the comment it does not work. I need your help to fix this.

This is my show function for post and comments

    public function show(Post $post, Comment $comment)
    {
        usleep(500000);

        $post->incrementReadCount();

        $updateableCommentIds = $post->comments
            ->map(function ($comment) {
                if (Auth::user()->can('update', $comment)) {
                    return $comment->id;
                }
            })
            ->filter();

        return Inertia::render('Frontend/Forum/Helpers/PostDetails', [
            'post' => PostResource::make(
                $post->load('user')->loadCount('comments')
            ),
            'comments' => CommentResource::collection(
                Comment::where('post_id', $post->id)
                    ->with('user')
                    ->paginate(10)
                    ->withQueryString()
            ),
            'categories' => Category::all(),
            'can' => [
                'edit' => Auth::check() && Auth::user()->can('edit', $post),
                'commentEdit' => $updateableCommentIds
            ]
        ]);
    }

This's my comment policy

class CommentPolicy
{
    use HandlesAuthorization;

    public function update(User $user, Comment $comment): bool
    {
        return $user->is_admin || $user->id === (int) $comment->user_id;
    }
}

This's my vue file

<div
v-if="can.commentEdit.includes(comment.id)"
>
        //show me this if im the auther of this comment
</div>

I already tried but it doesn't work either

public function show(Post $post)
{
    $canUpdateComments = $post->comments->every(function ($comment) {
        return Auth::user()->can('update', $comment);
    });

    // Return the view with the ability to update the comments
    return view('posts.show', compact('post', 'canUpdateComments'));
}
0 likes
8 replies
vincent15000's avatar

Have you declared the policy in the AuthServiceProvider ?

vincent15000's avatar

@d3v Have you checked the content of the can.commentEdit array ?

What do you see in the view ?

{{ can.commentEdit }}
sididev's avatar

@vincent15000 in the view I just have a button that opens a toggle that will allow me to edit and delete and it is this button that I want to make accessible only to the user posting the comment. Seeing that the policy didn't work like the job, which is why I did it differently.

I check if the comments are included it works but gives an error if the user wants to look at a post on which he has not commented.

Uncaught (in promise) TypeError: $props.can.commentEdit.includes is not a function

I put the question marks like this can?.commentEdit.include it still does not work.

sididev's avatar
sididev
OP
3 years ago
Best Answer
Level 8

I just noticed that I had a commentResource and just with that I found the solution instead of checking each time on the post not directly on the comment...

class CommentResource extends JsonResource
{
    public function toArray($request)
    {
        return [
            ...
            'can' => [
                'edit' => Auth::user()->can('update', $this->resource)
            ]
        ];
    }
}

Please or to participate in this conversation.