I am new to laravel spark and I'm trying to figure out the built-in API functionality. I am trying to consume the API within my application but the permissions I am setting seem that are not functioning properly or I am doing something wrong.
This is my api.php
Route::group([
'middleware' => 'auth:api'
], function () {
Route::get('/servers', function () {
if (Auth::user()->token()->can('read-servers')) {
return 'OK';
}else{
return 'Unauthorised';
}
});
});
Which when I call through postman is working just fine and returns 'Unauthorised' but when I am calling it through my view it always returns 'OK'.
My home.js
Vue.component('home', {
props: ['user'],
ready() {
//
},
methods: {
greet: function () {
this.$http.get('/api/servers')
.then(response=> {
alert(response.data)
});
}
}
});
Are my permissions being skipped just because I am calling the api within my app? Should I use an additional package such as spatie/laravel-permission to handle roles/permissions within the app? Is what I am trying to do even valid?
