Comments (7)
Well I can't answer the first question, the second one makes more sense with $entity->created_by instead of $user->id. It gives the option to allow a user to create something on behalf of someone else. (for example an admin creating a missing "item" on behalf of a user, you want the user to own the item, not the admin)
$entity->created_by == $user->id would work fine when it belongs to the user.
from laravel-governor.
Thank you, that makes things clearer for me. :-)
from laravel-governor.
To you first question:
Normally when creating a new entity, in this case an Entity instance, you will pass in a new instance that has not yet been saved. This new instance may or may not already be populated. In the event that it is not populated, created_by will be null, but in the event it already was populated, it might have your current user. However, you don't want to hardcode your user->id in to the permission, it usually is better to rely on the method parameters. This makes for a less tightly coupled, and thus easier maintainable class.
I hope this helps explain things?
from laravel-governor.
If this question isn't fully answered for you, please feel free to re-open.
from laravel-governor.
from laravel-governor.
I will add a unit test to distinguish between the two. :) Will get back to you on this. While I think the current implementation is correct, it is possible I have not encountered the specific scenario in my own projects that would be sensitive to this.
from laravel-governor.
@Evertt I looked into this and have concluded that the functionality as it stands is correct. If a model is being evaluated in the policy, and created_by is null, it should be treated as not created by the user being evaluated, hence other
is the correct assumption. If you do want it to be evaluated as own
be sure to set the created_by to the respective user before evaluating.
If this doesn't answer your issue, please feel free to re-open. :)
from laravel-governor.
Related Issues (20)
- Governor Policies Are Causing Nova Queries To Run Twice
- Add Caching For
- Integrate Teams functionality
- Add Functionality To Transfer Ownership
- Allow Team Owners To Specify Permissions For Team Members HOT 1
- Allow Team Owners To Only Assign Permission Equal Or Lower Than Their Own HOT 1
- Hide Team Permissions That Consist Only Of "No" Options HOT 1
- Prevent Team Owner From Being Able To Delete Their Own Member Record
- Default Team Permissions To Team Owner's Permissions
- Rename Actions and Ownerships To Something More Meaningful on the front-end.
- Prevent Entity Name Collission
- Allow admin to provide aliases for Entity names.
- Fix group names not displaying on permissions page.
- Allow super admin to see team permissions.
- Create Nova card to let user switch teams.
- Update Governor To Not Use Composite Keys HOT 1
- Implement policy detection for auto-discovered policies.
- Fix extraneously added entities that are missing package name.
- Fix error in entity controller.
- Implement Laravel 6 gate features with custom deny messaging.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from laravel-governor.