I use laravel policies to check access to controller methods.

Here is my PostController controller. The index () method to display a list of users:

class PostController extends Controller { public function index(Post $post) { $this->authorize($post); return $post->all(); } }

Here is my PostPolicy policy (checking the permissions on the index () method of the PostController).

 class PostPolicy { // This function executes only for authenticated users. // I want to use it for guest users too public function index(User $user) { return $user->can('get-posts'); } }

I use the https://github.com/Zizaco/entrust module for authorization by roles. Roles and privileges are stored in the database and I can use the $user->can('get-posts') call to check the rights to view the list of posts. This works with authenticated users, but for some reason does not work with guests. For guests, the Index method in the PostPolicy policy is not called at all. For guests, access to the index method of PostController is always denied.

Why don't Laravel politicians work with guests? After all, the guests may also have some rights. How do I assign guest rights?

    1 answer 1

    The problem is that index expects the User class object to enter:

    public function index ( User $ user)

    And if the user is not authorized, then for him there is no such object. I liked the solution the most:
    The class Guest extends User and you write

     # Http/Middleware/Authenticate protected function authenticate(array $guards) { if (empty($guards)) { return $this->auth->authenticate(); } foreach ($guards as $guard) { if ($this->auth->guard($guard)->check()) { return $this->auth->shouldUse($guard); } } $this->auth->setUser(new Guest()); }

    https://github.com/laravel/framework/issues/10568#issuecomment-243692377

    Accordingly, in the argument you write

    public function index ( Guest $ user)