How do I check for permissions?

When checking for permission, you should always be as explicit as you can. For example, checking a user has the custom.view or custom.manage permissions.

Guarding content in a Blade file:

@can('custom.view')
    ...
@endcan

@canany(['orders', 'custom'])
    ...
@endcan

Checking the admin user has permission to access an endpoint:

Route::get('/my-module', [MyModuleController::class, 'index'])
    ->name('admin.modules.my-module')
    ->middleware('can:custom.view');

Route::get('/my-module/manage', [MyModuleController::class, 'manage'])
    ->name('admin.modules.my-module.manage')
    ->middleware('can:custom.manage');

Guarding the execution of code in a Controller:

if ($this->can('custom')) {
    // ...
}

if ($this->canAny(['orders', 'custom'])) {
    // ...
}

Articles in this section

Was this article helpful?
0 out of 0 found this helpful