Need help with logic and permissions.

Either return different views/routes for those two cases, or use something like includeWhen blade directive to which you can pass a condition which will dynamically include files.

@includeWhen($boolean, 'view.name', ['some' => 'data'])

I will look into that.

How would I go about getting a boolean for this situation:

Referencing the pivot table, I would check that the user is a member of the project, but then I need find out if they have edit permissions.

Is this close? I can't seem to get the logic working.

    $user = auth()->user();
    
    $members = $project->members();

    $canEdit = $members->where('permission_id', 1)->where('user_id', $user->id);

Never used that package. I do not see any value in packages like that one. Overcomplication of a simple problem.

Pretend I don't use it. How would you go about giving a user permission to edit a specific project? I don't want them to edit all projects.

I would use policies.

$boolean = $user->can('update', $project);

https://laravel.com/docs/7.x/authorization#authorizing-actions-using-policies

I think I'm going to do a mix of that and what I have. Thanks!

Sorry, another question about this. How would I find out if the user can update the project? I need to look in a pivot table, make sure the user is a member of that project, then pull true or false from a column called 'can_edit'.

I guess something like this:

class ProjectPolicy
{
	public function update(User $user, Project $project): bool
	{
		return $project->members()
			->where('user_id', $user->id)
			->where('permission_id', Permission::UPDATE)
			->exists();
	}
}

How would I reference that in a view?

Everything is documented https://laravel.com/docs/7.x/authorization#via-blade-templates

I'm trying that, but it's not working. I'll keep looking at my controller and see if I can figure it out. Thanks!

Here is my policy:

public static function editProject(User $user, Project $project)
{
    return $project->members->where('project_id', $project->id)
        ->where('user_id', $user->id)
        ->where('edit_project', 1);
}

And the view:

        @can('editProject', $project)
            yes
        @endcan

EDIT:

This is in Project model:

public function members()
{
    return $this->belongsToMany(User::class, 'project_members')
        ->withTimestamps()
        ->withPivot('edit_project');
}

I get 'yes' no matter what. To me, that means I'm doing something wrong in the policy. What do you think?

It's coming back empty:

Illuminate\Database\Eloquent\Collection {#1421 ▼ #items: [] }

I finally figured it out, but it's not very pretty in my opinion.

Changed my ProjectPolicy entry to this:

public static function editProject(User $user, Project $project)
{

        $canEdit = $project->members($user)->pluck('edit_project');

        if ($canEdit->contains(1))
            return true;
        else
            return false;

}

First: Don't make it static.

Second: You will figure it out how to write it better once you get to know policies well.

What do you mean by "Don't make it static"? I'm not very familiar with that.

public static function editProject

Should not have static keyword in it.

Oh, got it. Thanks!