Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi All, I am building an app using Spark. And I am building my app using the same structure as Spark, where the logic is hosted between Interactions and Repositories.
I am wondering what the best is, to authorize user actions. Should I use Policies or simple abort() checks? And who should authorize the user, is it the controller or the Interaction?
Any thoughts would be greatly appreciated.
I would say that the using Policies would be a good option and the best place I would store would be in the beginning of the controller's method. I think that would give you the best flexibility and in the end of the day you can use 'can()' in the blades and will give a good control in place.
This was my initial plan, wasn't sure it's the best approach though. Thanks for sharing that.
Please or to participate in this conversation.