Yes, you are correct. When using model properties in Livewire 3, the framework handles authorization behind the scenes. This means that if you bind a model directly to a Livewire component property, Livewire will automatically check the authorization policies for you.
However, if you are not using model properties and instead are manually handling data within your Livewire components, you will need to create and enforce policies yourself to ensure proper authorization.
Here is a brief example to illustrate both scenarios:
Using Model Properties (Automatic Authorization)
use Livewire\Component;
use App\Models\Post;
class EditPost extends Component
{
public Post $post;
public function mount(Post $post)
{
$this->post = $post;
}
public function save()
{
$this->post->save();
}
public function render()
{
return view('livewire.edit-post');
}
}
In this example, Livewire will automatically check the authorization policies for the Post model when you bind it to the component property.
Not Using Model Properties (Manual Authorization)
use Livewire\Component;
use App\Models\Post;
use Illuminate\Support\Facades\Gate;
class EditPost extends Component
{
public $postId;
public $title;
public $content;
public function mount($postId)
{
$post = Post::findOrFail($postId);
if (Gate::denies('update', $post)) {
abort(403);
}
$this->postId = $post->id;
$this->title = $post->title;
$this->content = $post->content;
}
public function save()
{
$post = Post::findOrFail($this->postId);
if (Gate::denies('update', $post)) {
abort(403);
}
$post->title = $this->title;
$post->content = $this->content;
$post->save();
}
public function render()
{
return view('livewire.edit-post');
}
}
In this example, you need to manually check the authorization using Gate::denies before performing any actions on the Post model.
In summary, if you use model properties in Livewire 3, the framework will handle authorization for you. If you do not use model properties, you will need to manually enforce authorization policies.
