
Different policies for the owner user or for the admin

Posted 6 months ago by abkrim

There is something I do not understand about policies.

I have an API in which I have a user and another table. A user can only do certain things, and certain things only with certain elements.

Now that I want to refactor my controllers, I have realized that I lack knowledge of policies.

For example:

In my controller, a user can't edit some columns of his domain. Only the admin has permission to edit these columns.

        // Check params not allowed
        $check = ['aliases', 'mailboxes', 'maillists', 'quota_used', 'transport', 'backupmx'];
        if (! Auth::user()->is_super_admin) {
            // Non-admin users are also barred from these columns
            $check = array_merge($check, ['settings', 'disclaimer', 'maxquota']);
        }

        if (!$this->checkParams($check, $request)) {
            return $this->sendError(
                'There is content that is allowed to use in this method ' . $request->domain,
            );
        }


    public function checkParams(array $added, Request $request): bool
    {
        // Check for no valid updates
        $not_update = array_merge($added, config('albarid.not_update'));

        // Reject the request if it carries any key from the denied list
        if (!empty(array_intersect($not_update, array_keys($request->all())))) {
            return false;
        }

        return true;
    }

Is it possible to use Policies to control what a user can edit or store?
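
One way a policy-style class could carry both checks from the question, ownership and per-role column restrictions. This is an added example, not code from the post or from Laravel: the `User`/`Domain` stand-ins, the `user_id` ownership column, the `forbiddenFields` method and the sample field `description` are assumptions, and the `config('albarid.not_update')` list is left out.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the Eloquent models; only the fields the policy reads.
final class User
{
    public function __construct(public int $id, public bool $is_super_admin = false) {}
}

final class Domain
{
    public function __construct(public int $user_id) {} // user_id: assumed ownership column
}

// Laravel policies are plain classes, so this one runs without the framework.
final class DomainPolicy
{
    // Columns nobody may change through the API (list taken from the post).
    private const LOCKED = ['aliases', 'mailboxes', 'maillists', 'quota_used', 'transport', 'backupmx'];
    // Columns only a super admin may change (list taken from the post).
    private const ADMIN_ONLY = ['settings', 'disclaimer', 'maxquota'];

    // Who may update this domain at all: its owner or a super admin.
    public function update(User $user, Domain $domain): bool
    {
        return $user->is_super_admin || $domain->user_id === $user->id;
    }

    // Hypothetical helper: the submitted keys this user may not change on this domain.
    public function forbiddenFields(User $user, Domain $domain, array $input): array
    {
        if (! $this->update($user, $domain)) {
            return array_keys($input); // neither owner nor admin: every key is refused
        }
        $denied = $user->is_super_admin ? self::LOCKED : array_merge(self::LOCKED, self::ADMIN_ONLY);
        return array_values(array_intersect($denied, array_keys($input)));
    }
}

// Constructed sample users, domain and request bodies.
$policy = new DomainPolicy();
$owner  = new User(id: 7);
$admin  = new User(id: 1, is_super_admin: true);
$domain = new Domain(user_id: 7);

var_dump($policy->forbiddenFields($owner, $domain, ['description' => 'x', 'maxquota' => 10])); // owner, admin-only column
var_dump($policy->forbiddenFields($admin, $domain, ['maxquota' => 10]));                        // admin, same column
var_dump($policy->forbiddenFields(new User(id: 9), $domain, ['description' => 'x']));           // unrelated user
```

A controller would refuse the request whenever the returned array is non-empty, which keeps the role and ownership rules in one class instead of in each controller method.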
