For authorization, I use laravel policies . The problem is that they do not work for guests. How do I check guest rights?

My code is:

In the controller:

class PostController extends Controller { public function index(Post $post) { $this->authorize($post); return $post->all(); } }

In politics:

 class PostPolicy { // Эта функция выполняется только для аутентифицированных пользователей. // Хотелось бы, чтобы она выполнялась и для гостей public function index(User $user) { return $user->can('get-posts'); } }

I need the ability to restrict access to controller methods for some users. The rights will be stored in the database and can be changed through the admin area. It seems to me that the standard politician mechanism is suitable for this, where I could check access to each method of the controller + using the entrust module, the database stores roles and privileges for users. And with any request, I can check permissions using the $ user-> can () method. But all that does not work for guests. I do not understand why this is done, because users also have rights. And it is not clear how now to check whether users have privileges for any action.

    1 answer 1

    It all depends of course on how large your application will be. But I can draw your attention to middleware, this kind of verification is usually enough for small applications. If you need to bind specifically to each user rights and his role in the system, you can implement it yourself by wrapping an existing User but if you don’t want to reinvent the wheel then this is not the only package and many of them are the keyword laravel access rights user :)