abkrim
Level 13

Policy for User model. Allow the logged in user to view and edit their data

I cannot find or locate information on how to make a user see their own data in Nova.

Using a policy, a user who is not superadmin cannot see the Users resource, but I do want him to be able to edit his own tab.

All the examples are for models related to the user, but I don't see any for the user himself.

The code below works fine for SuperAdmin. Only this user can see, edit, delete, ... all users.

Do I need to use an external package such as Spatie-permissions?

<?php

namespace App\Policies;

use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class UsersPolicy
{
    use HandlesAuthorization;

    public function before(User $user, $ability)
    {
        if ($user->is_super_admin) {
            return true;
        }
    }

    /**
     * Determine whether the user can view any models.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function viewAny(User $user)
    {
        //
    }

    /**
     * Determine whether the user can view the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function view(User $user, User $model)
    {
        return $user->id === $model->id;
    }

    /**
     * Determine whether the user can create models.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
    }

    /**
     * Determine whether the user can update the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function update(User $user, User $model)
    {
        //
    }

    /**
     * Determine whether the user can delete the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function delete(User $user, User $model)
    {
        //
    }

    /**
     * Determine whether the user can restore the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function restore(User $user, User $model)
    {
        //
    }

    /**
     * Determine whether the user can permanently delete the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function forceDelete(User $user, User $model)
    {
        //
    }
}
bugsysha
Best Answer
Level 61

Just scope all queries to that user.

public static function indexQuery(NovaRequest $request, $query)
{
    return $query->where('user_id', $request->user()->id);
}
abkrim
Level 13

For me this works better, because with your code the User resource shows only the authenticated user. And if the user is super_admin, we would like Nova to show all users.

public static function indexQuery(NovaRequest $request, $query)
{
    return ($request->user()->is_super_admin) ? $query : $query->where('id', $request->user()->id);
}
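
Putting the thread together, as an added example that is not code from either poster: a completed policy in which `viewAny` returns true and `view`/`update` allow only the user's own record, paired with the scoped `indexQuery`. It assumes the policy is already registered for `App\User` as in the question; the `Name` and `Is Super Admin` fields and the Nova 2/3-era `fields()` signature are assumptions.

```php
<?php
// Added example: two files shown as one listing (Nova 2/3-era signatures assumed).
namespace App\Policies {
    use App\User;
    use Illuminate\Auth\Access\HandlesAuthorization;

    class UsersPolicy
    {
        use HandlesAuthorization;
        // Super admins pass every check; null falls through to the methods below.
        public function before(User $user, $ability)
        {
            return $user->is_super_admin ? true : null;
        }
        // Without true here the Users resource stays hidden from regular users.
        public function viewAny(User $user) { return true; }
        // A regular user may open and edit only their own record.
        public function view(User $user, User $model) { return $user->is($model); }
        public function update(User $user, User $model) { return $user->is($model); }
        // Everything else is an explicit deny for non-admins.
        public function create(User $user) { return false; }
        public function delete(User $user, User $model) { return false; }
        public function restore(User $user, User $model) { return false; }
        public function forceDelete(User $user, User $model) { return false; }
    }
}

namespace App\Nova {
    use Illuminate\Http\Request;
    use Laravel\Nova\Fields\{Boolean, ID, Text};
    use Laravel\Nova\Http\Requests\NovaRequest;

    class User extends Resource
    {
        public static $model = \App\User::class;
        public function fields(Request $request)
        {
            $isAdmin = function ($request) { return (bool) $request->user()->is_super_admin; };
            // Assumed fields; only super admins are offered the is_super_admin flag.
            return [ID::make(), Text::make('Name'), Boolean::make('Is Super Admin')->canSee($isAdmin)];
        }
        // Filters the listing only; view() and update() above guard single records.
        public static function indexQuery(NovaRequest $request, $query)
        {
            $me = $request->user();
            return $me->is_super_admin ? $query : $query->where('id', $me->id);
        }
    }
}
```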
