Laravel Policies in Model and how to avoid authorization in particular views.

Question

I will try to explain. Im developing an Ecommerce application and in order to provide backend authorization I applied laravel Policies to a Model (product model).

The problem resides when I tried to use the same product model in frontend views, where all users can see the products.

Policies are applied to all the model no matter if the route view is protected and I cannot find the way to leave some views (eg: frontend>list products) retrieving information from model with no authorization policy.

Eg: of the policy applied to View in backend:

public function view(User $user)
{
    $method = (string)$this->ability;
    if ($user->hasRole($this->Model) === null) {
        return 0;

    }
    return $user->hasRole($this->Model)->$method;
}

What I need is to create another public function in product policy that list products in frontend without requesting authorization to the user.

thanks.

Donaven Snowden Donaven Snowden · Accepted Answer · 2017-11-29T19:38:26

You may want to create a constructor function in your controller that allows non-authenticated users to access the products view. The following snippet provides access to every function in the controller except for the destroy (session destroy, logout) function.

public function __construct()
{
    $this->middleware('guest', ['except' => 'destroy']);
}

I hope this helps point you in the right direction.

Laravel Policies in Model and how to avoid authorization in particular views.

1 Answers