laravel/ how to check a permissions in blade and controller?

Question

I create some permissions and roles for my laravel project.

in web.php route, I can define a middleware like this with some permissions:

$can = ['can:manage_global,manage_users,create_users'];
$this->get('/create', 'UserController@create')->middleware($can);

or in blade with one permission:

@can('manage_global')
   ...
@endcan

How can I check multi permission values in blade and controller line web.php?

check this https://stackoverflow.com/questions/34188461/laravel-5-1-can-how-use-or-clause — Roman Meyer, Dec 05 '18 at 13:56
if i understood you correctly, try that https://laravel.com/docs/5.7/controllers#controller-middleware — Roman Meyer, Dec 05 '18 at 14:27
Are you trying to check multi-permissions in your blade file AND in your controller, like you can in your web routes? Is that what I'm understanding? (Also, which version of Laravel are you using?) — Jim Rubenstein, Dec 05 '18 at 15:01

Roman Meyer · Answer 1 · 2018-12-05T14:46:30.897

You can write middleware.

class CanAnyMiddleware
{
    public function handle($request, Closure $next, $permissions)
    {
        foreach ($permissions as $permission) {
            if ( $request->user()->can($permission)) {
                return $next($request); // allow
            }
        }

        return redirect(route('home')); // deny
    }
}

And use it in route string.

Route::get('/create', 'UserController@create')
    ->middleware('canAny:manage_global,manage_users,create_users');

And since Laravel 5.6 you can use @canany in Blade:

@canany(['manage_global', 'manage_users', 'create_users'])
    ...
@endcanany

https://github.com/laravel/framework/pull/24137

Jim Rubenstein · Answer 2 · 2018-12-05T15:26:42.320

If you're trying to check if a user can access any of your defined gates, from the controller, you can take a queue from the existing Authorizable trait and add some additional functionality in your own trait.

<?php

namespace App\Traits\MyAuthorizable;

use Illuminate\Contracts\Auth\Access\Gate;

trait MyAuthorizable {
  public function canAny(array $abilities, $arguments = []) {
    return collect($abilities)->reduce(function($canAccess, $ability) use ($arguments) {
      // if this user has access to any of the previously checked abilities, or the current ability, return true
      return $canAccess || app(Gate::class)->forUser($this)->check($ability, $arguments);
    }, false);
  }

  public function canAll(array $abilities, $arguments = []) {
    return collect($abilities)->reduce(function($canAccess, $ability) use ($arguments) {
      // if this user has access to _all_ of the previously checked abilities, _and_ the current ability, return true
      return $canAccess && app(Gate::class)->forUser($this)->check($ability, $arguments);
    }, true);
  }
}

You can than add this trait to your user class with use App\ MyAuthorizable; in your user class definition.

This will expose the canAny and canAll methods for your user, which you can then access from your controller.

<?php

public function get($request) {
    $User = Auth::User();

    if ($User->canAll(['manage_global', 'manage_users', 'create_users'])) {
        // user can do all of the things
    } elseif ($User->canAny(['manage_global', 'manage_users', 'create_users']) {
        // user can only do _some_ of the things
    } else {
        // user can do _none_ of the things
    }
}

laravel/ how to check a permissions in blade and controller?

2 Answers2