Permission in Laravel controller

Question

if ($request->ajax()) {
    $data = User::latest()->get();

    return Datatables::of($data)
                     ->addIndexColumn()
                     ->addColumn('FullName', function($row){
                         $name = $row->fname.' '.$row->lname;
                         return $name;
                     })
                     ->addColumn('action', function($row){
                        //@can('user-show')
                        $btn = '<div class="btn-toolbar" role="toolbar" aria-label="Toolbar with button groups">
                                    <div class="btn-group" role="group">
                                        <a href="'.route("users.showrole",$row->id).'" data-toggle="tooltip" title="Show" class="btn btn-default btn-flat btn-sm">
                                            <span class="icon-size-fullscreen"></span>
                                            Show
                                        </a>';
                        //@endcan

                        //@can('user-edit')
                        $btn = $btn.'<a href="'.route("users.editrole",$row->id).'" data-toggle="tooltip" id="'.$row->id.'" title="Edit" data-id="'.$row->id.'" class="edit btn btn-primary btn-flat btn-sm CategoryEdit" onclick="CategoryEdit()">
                                         <span class="icon-pencil"></span>
                                     </a>';
                        //@endcan

                        $btn = $btn.'<a href="javascript:void(0)" data-toggle="tooltip" id="'.$row->id.'" title="Edit" data-id="'.$row->id.'" onclick="DeleteRole('.$row->id.')" class="btn btn-flat btn-danger btn-sm">
                                         <span class="icon-trash"></span>
                                     </a>
                                 </div>
                             </div>';
                        return $btn;
                    })
                    ->rawColumns(['FullName'])
                    ->rawColumns(['action'])
                    ->escapeColumns([])
                    ->make(true);
}

Hello, I want to use @can('user-create') in Controller datatable Yajra so that a user does not see the button in he has no access. I can do it in blade but not in controller. I want to check if the role has the permission to perform tasks in that way. Otherwise my code is running fine only this is making it tiresome.

Answer 1

You can do it in 2 ways :

1. checking permission in the controller

Eg. :

if ($request->ajax()) {
    $data = User::latest()->get();
    
    // get logged user
    $user = auth()->user();
    
    return Datatables::of($data)           
        ->addColumn('action', function($row) use ($user) {
            $btn = '';
        
            if ($user->can('user-show') {
                $btn = '<div class="btn-toolbar" role="toolbar" aria-label="Toolbar with button groups"><div class="btn-group" role="group">
                <a href="'.route("users.showrole",$row->id).'" data-toggle="tooltip" title="Show" class="btn btn-default btn-flat btn-sm"><span class="icon-size-fullscreen"></span> Show</a>';
            }
            if ($user->can('user-edit') {
                $btn = $btn.'<a href="'.route("users.editrole",$row->id).'" data-toggle="tooltip" id="'.$row->id.'" title="Edit" data-id="'.$row->id.'" class="edit btn btn-primary btn-flat btn-sm CategoryEdit" onclick="CategoryEdit()"><span class="icon-pencil"></span></a>';
            }
            $btn = $btn.'<a href="javascript:void(0)" data-toggle="tooltip" id="'.$row->id.'" title="Edit" data-id="'.$row->id.'" onclick="DeleteRole('.$row->id.')" class="btn btn-flat btn-danger btn-sm"><span class="icon-trash"></span></a> </div></div>';
            
            return $btn;
        })
        ->rawColumns(['action'])
        ->make(true);
}

or Another Way

if ($request->ajax()) {
        $data = User::latest()->get();
      
        
        return Datatables::of($data)
            ->addIndexColumn()
            ->addColumn('FullName', function($row){
                $name = $row->fname.' '.$row->lname;
                return $name;
            })
            ->addColumn('actions', 'path.actions')
            ->rawColumns(['FullName'])
            ->escapeColumns([])
            ->make(true);
    }

and your blade file be like

@can('user-edit')
Your code
@endcan

Answer 2

If you use spatie permission plugin, you can use $user->can('permission') in your controllers.

Here :

if ($request->ajax()) {
    $data = User::latest()->get();
    
    // get logged user
    $user = auth()->user();
    
    return Datatables::of($data)
        ->addIndexColumn()
        ->addColumn('FullName', function($row){
            $name = $row->fname.' '.$row->lname;
            return $name;
        })
        ->addColumn('action', function($row) use ($user) {
            $btn = '';
        
            if ($user->can('user-show') {
                $btn = '<div class="btn-toolbar" role="toolbar" aria-label="Toolbar with button groups"><div class="btn-group" role="group">
                <a href="'.route("users.showrole",$row->id).'" data-toggle="tooltip" title="Show" class="btn btn-default btn-flat btn-sm"><span class="icon-size-fullscreen"></span> Show</a>';
            }
            if ($user->can('user-edit') {
                $btn = $btn.'<a href="'.route("users.editrole",$row->id).'" data-toggle="tooltip" id="'.$row->id.'" title="Edit" data-id="'.$row->id.'" class="edit btn btn-primary btn-flat btn-sm CategoryEdit" onclick="CategoryEdit()"><span class="icon-pencil"></span></a>';
            }
            $btn = $btn.'<a href="javascript:void(0)" data-toggle="tooltip" id="'.$row->id.'" title="Edit" data-id="'.$row->id.'" onclick="DeleteRole('.$row->id.')" class="btn btn-flat btn-danger btn-sm"><span class="icon-trash"></span></a> </div></div>';
            
            return $btn;
        })
        ->rawColumns(['FullName'])
        ->rawColumns(['action'])
        ->escapeColumns([])
        ->make(true);
}