-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Owning A Model #601
Comments
Ensure that you have |
You have to first tell Bouncer that users may own leads: Bouncer::allowEveryone()->toOwn(Lead::class); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I've been struggling with this is issue all day and looking for a lifeline if possible.
Currently, I have one ability 'view-all-clients'. If a user doesn't have this, they can only see clients that they own. The clients table ('leads') has a column 'assigned_to' which links to the user.
In my
AppServiceProvider.php
boot method, I have the below:public function boot() { Bouncer::ownedVia(Lead::class, 'assigned_to'); }
Calls to
@can('view-all-clients', $model)
return false and$this->authorize('view-all-clients', $lead)
throws a 403, when theusers.id === leads.assigned_to
.Can anyone shed any light here? Regardless of the ability, the ownedVia should override?
My abilities table:
INSERT INTO
abilities(
id,
name,
title,
entity_id,
entity_type,
only_owned,
options,
scope,
created_at,
updated_at) VALUES ('2', 'view-all-clients', 'View all clients leads', NULL, 'App\\Clients\\Lead', '0', NULL, NULL, '2022-07-11 16:01:27', '2022-07-11 16:01:27');
Thanks in advance.
The text was updated successfully, but these errors were encountered: