So far, I have been able to allow the user to edit their own posts, but whenever I fulfill the condition if he owner of the subreddit/category , it completely stops working.
I have these 3 tables
Users: id, name, email... Subreddits: id, name, user_id... Posts: id, link, title, user_id, subreddit_id...
This is the edit() method in PostsController.php
public function edit(Post $post, Subreddit $subreddit) { if(Auth::id() !== $post->user_id) { return view('home')->withErrors('You cannot do that'); } else { return view('post/edit')->with('post', $post)->with('subreddit', $subreddit); } }
And this is a view
@if(Auth::id() == $post->user_id) <a href="{{ action(' PostsController@edit ', [$post->id]) }}">Edit</a> @endif
This works fine, it checks to see if user_id is registered as user_id and update messages.
But if I added if(Auth::id() == $subreddit->user_id) , it will stop working. It displays the "Edit" link in the view on all posts, but clicking on any of them gives me a validation error. You cannot do that even for messages that I have.
So, how can I check if the user is the owner of the article or the owner of the category to display and enable EDIT?
Updated method using $subreddit->user_id
public function edit(Post $post, Subreddit $subreddit) { if(Auth::id() == $post->user_id || Auth::id() == $subreddit->user_id) { return view('post/edit')->with('post', $post)->with('subreddit', $subreddit); } else { return view('home')->withErrors('You cannot do that'); } }
View
@if(Auth::id() == $post->user_id || Auth::id() == $subreddit->user_id) <a href="{{ action(' PostsController@edit ', [$post->id]) }}">Edit</a> @endif
This will allow me to edit my own posts, but still give me a validation error. You cannot do that in posts in my own forum subreddit category.
These are the Gate policies that I tried, but they didn't work either
class AuthServiceProvider extends ServiceProvider { // Authorizations and Permissions public function boot(GateContract $gate) { parent::registerPolicies($gate); $gate->define('update-post', function ($user, $post) { return $user->id === $post->user_id; }); $gate->define('mod-update-post', function ($user, $subreddit) { return $user->id === $subreddit->user_id; }); }
PostsController.php
public function edit(Post $post, Subreddit $subreddit, User $user) { if(Gate::denies('update-post', $post) && Gate::denies('mod-update-post', $subreddit)) { return view('home')->withErrors('You cannot do that'); } else { return view('post/edit')->with('post', $post)->with('subreddit', $subreddit); } }
View
@can('update-post', $post) <a href="{{ action(' PostsController@edit ', [$post->id]) }}">Edit</a> @endcan
With the above code, I can finally edit the messages if "update-post" is true, but I canβt check if mod-update-post valid, I keep getting a validation error. You cannot do this
dd($subreddit) inside the edit () method displays an empty array. https://cryptbin.com/x6V6wX#26810f755a62f6c8837c0c0fe0371dcf
EDIT: I think I decided. I used $post->subreddit->user->id instead of $subreddit->user_id because it returned null. And now all this works, based on the fact that the messages belong to the user or the user, is the owner of the forum.
But the edit link still shows if I have access. I cannot double check for update-post and mod-update-post at the same time. and using @can('update-post', $post) only works once, I can't double check this.