Using request classes for authorizing every method of a controller?

Hi all,

I was wondering whether it is viable to use request classes for authorizing other methods than POST/PUT/PATCH actions. For example, make a IndexPostsRequest with an empty rules array and with a authorize() method that contains permission checking and stuff.

Or is this really not what it is meant for?

Sergiu17

4 years ago

Level 60

Hey, check this https://laravel.com/docs/8.x/authorization#authorizing-resource-controllers

1 like

larswoltersdev

4 years ago

Level 1

@Sergiu17 Thanks for your reply! We used policy classes before, but it became a bit confusing sometimes since we have multiple roles that have different permissions (we also use a permission system). Any suggestions?

martinbean

4 years ago

Level 80

@LarsWolters Still use policies. This is literally what they’re for. Can user X perform action Y on model Z?

The logic you were going to stuff in a form request’s authorize method, you instead put in a policy method.

1 like

Please or to participate in this conversation.