Level 4
Read the doc!! https://inertiajs.com/authorization 😅 Is there any other technique?
1 like
Sep 11, 2023
5
Level 4
Authorisation Blade directives and Vue equivalent
I am thinking about using Vue instead of Blade in the next update of my app. Just wondering how I deal with authorisation in Vue. Currently, I use Blade directives like @can to hide or show UI components according to authorisation checks.
How could I do the same with Vue?
Level 4
Level 80
@madhansuresh It will never be possible as the client (the browser) simply cannot be trusted.
Authorisation has to come from the server, otherwise a user could just change any “is admin” checks to true and become an administrator.
1 like
Level 4
@martinbean yes, agree with you and it makes sense.
1 like
Level 4
I put this in HandleInertiaRequests Middleware so the permissions are available automatically on the front end.
'auth' => [
'user' => fn () => $request->user(),
'permissions' => fn () => $request->user()?->getAllPermissions()->pluck('name')
],
and then wrote a helper function to check the permission:
function hasPermission(permissions, permissionToTest) {
let hasPermission = false;
permissions.forEach((permission) => {
if (permission === permissionToTest) {
hasPermission = true;
} else if (permission.includes(".*")) {
const permissionParts = permission.split(".");
const permissionToTestParts = permissionToTest.split(".");
if (
permissionParts.length === permissionToTestParts.length &&
permissionParts[0] === permissionToTestParts[0]
) {
hasPermission = true;
}
}
});
return hasPermission;
}
Now I can test permissions in Vue using something like hasPermission($page.props.auth.permissions, 'user.index'). It works perfect.
Would it be possible to have $page.props.auth.permissions available to the function automatically so I don't have to pass it in every time?
1 like
Please or to participate in this conversation.