
mikecou's avatar

best way to secure a spark application in the blade template

I am building a spark app. On the blade file, I want to prevent users from seeing things like an edit button unless they are: logged in and (has a team on a trial plan or has a team on a subscription) and the user's role on the team is an owner or member.

I have had some folks I asked this to suggest doing something through a gate or policy, or perhaps through a trait. All three of these seem like they are not the right fit.

I am looking to do something in the blade like this:

@if(auth()->check() && ( Auth::user()->currentTeamOnTrial() || auth()->user()->currentTeam()->subscription() ) &&  in_array($team->pivot->role, ['owner', 'author']) )

do or show something

@endif

This method seems to be a little odd and I am looking for something more elegant.

Is the gate, policy, or trait a better way to accomplish this? What else should I be thinking of?

thanks

mina's avatar

Hi, I don’t believe there is a right or wrong answer here. Middleware is processed way before the execution selects and outputs the blade page, so if you are looking for a way to use the same blade page for those users and others then middleware is not a solution.

My recommendation would be using Gate (https://laravel.com/docs/6.x/authorization#gates), you can encapsulate this logic in the gate and use the blade directive can. This will allow you to reuse the same logic in many places in your application.

I hope that helps.
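
One way to write the gate suggested in this reply, as an added example that is not part of the thread. The ability name `edit-team-content` and the route and controller names are assumptions; the Spark helper calls and the role list are the ones from the question's Blade condition.

```php
<?php
// app/Providers/AuthServiceProvider.php (added example, not code from the thread)

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // 'edit-team-content' is an assumed ability name. Because $user is a
        // required (non-nullable) parameter, Laravel denies guests before the
        // closure runs, which replaces the auth()->check() test.
        Gate::define('edit-team-content', function ($user) {
            // The Spark helpers below are the ones used in the question.
            $team = $user->currentTeam();
            if (! $team) {
                return false; // no current team: deny instead of erroring
            }

            $paidOrTrial = $user->currentTeamOnTrial() || $team->subscription();

            // Strict comparison so a null or empty role never matches.
            $roleAllowed = in_array($user->roleOnCurrentTeam(), ['owner', 'author'], true);

            return $paidOrTrial && $roleAllowed;
        });
    }
}

// Blade: this hides the control only; it does not protect the endpoint.
//
//   @can('edit-team-content')
//       <button>Edit</button>
//   @endcan
//
// Enforce the same gate server-side on the action the button triggers
// (route and controller names here are hypothetical):
//
//   Route::put('/posts/{post}', 'PostController@update')
//       ->middleware('can:edit-team-content');
//
//   // or inside the controller method:
//   $this->authorize('edit-team-content');
```

The Blade directive and the route middleware both resolve the same gate, so the condition lives in one place and a hidden button cannot be bypassed by calling the endpoint directly.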

mikecou's avatar

This is something that actually gets close to what I am trying to do. Don't know if doing this in the blade is the best thing or not though.

@if(auth()->check() && (Auth::user()->currentTeamOnTrial() || auth()->user()->currentTeam()->subscription()) &&  in_array( auth()->user()->roleOnCurrentTeam(), ['owner', 'author']) )
mikecou's avatar

Thank you. I would really like to encapsulate the logic in one place, so the gate does sound like a good way to do it.

Is there a way to use the gate like if I were to pass from the blade to the gate something like this:

@if(canEditGateThing($userid))
