laravelio/laravel.io

// You generate such file with Artisan command "php artisan make:policy ArticlePolicy"
// In each method, you automatically get the User object from the session
// Each method should return TRUE or FALSE
// Also, you may accept more parameters, which you would need to pass when checking
 
final class ArticlePolicy
{
    const UPDATE = 'update';
    const DELETE = 'delete';
    const APPROVE = 'approve';
    const DISAPPROVE = 'disapprove';
    const PINNED = 'togglePinnedStatus';
 
    public function update(User $user, Article $article): bool
    {
        return $article->isAuthoredBy($user) || $user->isModerator() || $user->isAdmin();
    }
 
    public function delete(User $user, Article $article): bool
    {
        return $article->isAuthoredBy($user) || $user->isModerator() || $user->isAdmin();
    }
 
    public function approve(User $user, Article $article): bool
    {
        return $user->isModerator() || $user->isAdmin();
    }
 
    public function disapprove(User $user, Article $article): bool
    {
        return $user->isModerator() || $user->isAdmin();
    }
 
}

// To use the policy, just call $this->authorize() from the Controller
 
use App\Policies\ArticlePolicy;
 
class ArticlesController extends Controller
{
    public function approve(Article $article)
    {
        $this->authorize(ArticlePolicy::APPROVE, $article);
 
        $this->dispatchNow(new ApproveArticle($article));
 
        // ... other method code
    }
}

// Functions like $user->isModerator() come from the User model
 
final class User extends Authenticatable implements MustVerifyEmail
{
    const DEFAULT = 1;
    const MODERATOR = 2;
    const ADMIN = 3;
 
    public function type(): int
    {
        return (int) $this->type;
    }
 
    public function isModerator(): bool
    {
        return $this->type() === self::MODERATOR;
    }
 
    public function isAdmin(): bool
    {
        return $this->type() === self::ADMIN;
    }
}