I'm learning authorization in laravel 9 using 'gate'. In my case, I want to protect my controller so who can access the controller only users who have "delete" and "edit" 'gate'.
Then I created 2 new gates in 'App\Providers\AppServiceProvider' defined as follows:
Gate::define('edit', function (User $user) {
return $user->permission === 'edit';
});
Gate::define('delete', function (User $user) {
return $user->permission === 'delete';
});
Then, I need to add $this->authorize('edit') and also $this->authorize('delete') in the controller, unfortunately it can't be done, laravel only accept once of $this->authorize('edit') or $this->authorize('edit').
The problem is, I have to add 2 conditions there, I also can't write an array as a parameter.
What I want is like this:
$this->authorize('edit' && 'delete')
Or:
$this->authorize(['edit', 'delete'])
Unfortunately, I can't add both. Basically, the user have to pass 2 checks (must have "edit" AND "delete' gate) using the laravel 'gate' feature in my controller.
The check is like this: "Does that user have edit access"? OR "Does that user have delete access"? if "yes/true", allow entry to the controller, else "return 403"
FOR EASIER EXAMPLES: I have this controller to delete a post on my web:
public function destroy(Post $post)
{
$this->authorize('edit'); // I want not only check 'edit', I want to check 'delete' too
$post->delete();
}
How to apply it?
I have checked this question but no answer
You can use the Gate facade to interact with the authorization system and without throwing an exception (just checking gates):
if (Gate::check(['edit', 'delete'])) {
// has all these permissions
} else {
// does not have all these permissions
}