I have a small application written with Laravel 5.3. At a certain point I perform a check to see if the logged-in user has permission to edit/change or delete a particular post:
```php
if (!$post = Auth::user()->posts()->where('id', $id)->first()) {
    return redirect()->route('post.index')
        ->with(['status' => 'danger', 'mensagem' => 'Este post não te pertence!']);
}
```
How can I create a policy and use it so that the administrator (super admin) and the owner of the post are the only ones to have permission on the post?
How do you differentiate the admin from the user?
– Miguel
The super admin has id = 1, i.e., it is the first record present in the database.
– Fábio Jânio
And how does it identify that the owner is the owner of the post?
– Kenny Rafael