Laravel blade @can policy - string

php laravel laravel-5 laravel-5.2 laravel-authorization
Peter picture Peter · Apr 6, 2016 · Viewed 12k times · Source

I am using Laravel 5.2. So I'm learning about how to deal with roles and permissions Authorization. Everything runs fine. I even made my own policy PostPolicy.

And now to the problem. I load the $post data into the view in the PostsController which then loads in blade.

PostsController:

public function show($id)
{
    $post = Post::find($id);

    return view('posts.show', compact('post'));
}

posts/show.blade.php:

@section('content')
<!-- begin -->
@can('hasRole', Auth::user())
    <h1>Displaying Admin content</h1>
@endcan

@can('hasRole', Auth::user())
    <h1>Displaying moderator content</h1>
@endcan

@can('hasRole', Auth::user())
    <h1>Displaying guest content</h1>
@endcan

Policy: 

  public function hasRole($user)
    {
        // just for test
        return true;
    }

Now that returns all the content.

When I change the @can('hasRole', Auth::user()) from Auth::user() to a string, i.E. 

@can('hasRole', 'guest')
    <h1>Displaying guest content</h1>
@endcan

In this case it doesn't return anything. As I am new to Laravel, I really don't know it doesn't work.

Answer

Marcin Nabiałek picture Marcin Nabiałek · Apr 6, 2016

You probably haven't read docs carefully enough. You should pass as the 2nd argument a model, not a string or user object. In your case, you should probably use something like this:

@section('content')
<!-- begin -->
@can('hasRole', $post)
    <h1>Displaying Admin content</h1>
@endcan

@can('hasRole', $post)
    <h1>Displaying moderator content</h1>
@endcan

@can('hasRole', $post)
    <h1>Displaying guest content</h1>
@endcan

But the question is what you really want achieve. If you want to use user roles only to verify permissions, you don't need to use this directive.

You can add to your User model functions to verify current roles for example

public function hasRole($roleName) 
{
   return $this->role == $roleName; // sample implementation only
}

and now you can use in your blade:

@section('content')
<!-- begin -->

@if (auth()->check())    
    @if (auth()->user()->hasRole('admin'))
        <h1>Displaying Admin content</h1>       
    @elseif (auth()->user()->hasRole('moderator'))
        <h1>Displaying moderator content</h1>
    @endif    
@else
    <h1>Displaying guest content</h1>
@endif

Related questions

Laravel 5.2: Auth::logout() is not working

I'm building a very simple app in Laravel 5.2, but when using AuthController's action to log out, it just simply doesn't work. I have a nav bar which checks for Auth::check() and it doesn't change after calling the log out …

Read More
laravel 5 : Class 'input' not found

In my routes.php file I have : Route::get('/', function () { return view('login'); }); Route::get('/index', function(){ return view('index'); }); Route::get('/register', function(){ return view('register'); }); Route::post('/register',function(){ $user = new \App\User; $…

Read More
Manually register a user in Laravel

Is it possible to manually register a user (with artisan?) rather than via the auth registration page? I only need a handful of user accounts and wondered if there's a way to create these without having to set up the …

Read More