Reputation: 1496
Laravel Policies in Model and how to avoid authorization in particular views.
I will try to explain. Im developing an Ecommerce application and in order to provide backend authorization I applied laravel Policies to a Model (product model).
The problem resides when I tried to use the same product model in frontend views, where all users can see the products.
Policies are applied to all the model no matter if the route view is protected and I cannot find the way to leave some views (eg: frontend>list products) retrieving information from model with no authorization policy.
Eg: of the policy applied to View in backend:
public function view(User $user)
{
$method = (string)$this->ability;
if ($user->hasRole($this->Model) === null) {
return 0;
}
return $user->hasRole($this->Model)->$method;
}
What I need is to create another public function in product policy that list products in frontend without requesting authorization to the user.
thanks.
Upvotes: 0
Views: 536
Answers (1)
Reputation: 44
You may want to create a constructor function in your controller that allows non-authenticated users to access the products view. The following snippet provides access to every function in the controller except for the destroy (session destroy, logout) function.
public function __construct()
{
$this->middleware('guest', ['except' => 'destroy']);
}
I hope this helps point you in the right direction.
Upvotes: 2
Related Questions
- Laravel authorization policy not working on Show page
- Why Laravel Policy is not working in View/Blade?
- Laravel - Authorize with other policy
- policy in laravel always unauthorized
- Laravel Policies Via blade template
- Laravel policy always denies access
- Laravel 5.6 Authorizing actions using policies
- Laravel Policy Ignoring View, Update, and Delete but Create works just fine
- How can I do Authorization Policies in Laravel 5.3?
- Laravel Authorization using Policies