-
app/Policies/AuthorPolicy.php
use App\Models\User;

/**
 * Authorization rules for actions one user ($user, the actor) performs on
 * another user account ($subject, the target).
 *
 * Each constant holds the ability name of the method with the same name, so
 * call sites can pass AuthorPolicy::BAN instead of a bare string.
 */
final class AuthorPolicy
{
    const FOLLOW = 'follow';

    const ADMIN = 'admin';

    const BAN = 'ban';

    const DELETE = 'delete';

    /**
     * A user may follow any account whose id differs from their own.
     *
     * NOTE(review): the comparison is strict, so ids of different types
     * (e.g. int vs. numeric string) count as different accounts. Confirm
     * both sides always carry the same type.
     */
    public function follow(User $user, User $subject): bool
    {
        $sameAccount = $user->id === $subject->id;

        return ! $sameAccount;
    }

    /**
     * Grants the "admin" ability to admins and to moderators alike.
     *
     * Despite the ability name, passing this check does not prove the actor
     * is an admin; rules that must exclude moderators need their own check.
     */
    public function admin(User $user): bool
    {
        $isStaff = $user->isAdmin() || $user->isModerator();

        return $isStaff;
    }

    /**
     * Decides whether $user may ban $subject.
     *
     * - Admins may ban any account that is not an admin.
     * - Moderators may ban accounts that are neither admin nor moderator.
     * - Everyone else is denied.
     *
     * Consequently an admin account can never be banned through this rule,
     * and staff cannot ban themselves or a peer of equal rank.
     */
    public function ban(User $user, User $subject): bool
    {
        // Admin path: only other admins are out of reach.
        if ($user->isAdmin() && ! $subject->isAdmin()) {
            return true;
        }

        // Anyone who is not a moderator has no ban rights left to check.
        if (! $user->isModerator()) {
            return false;
        }

        // Moderator path: the target must hold no staff role at all.
        return ! ($subject->isAdmin() || $subject->isModerator());
    }

    /**
     * Decides whether $user may delete the $subject account.
     *
     * Allowed for an admin, or when $user->matches($subject) is true
     * (presumably "same account" - confirm against User::matches), but
     * never when the target is an admin. As written, an admin therefore
     * cannot delete their own account through this rule either.
     */
    public function delete(User $user, User $subject): bool
    {
        $actorQualifies = $user->isAdmin() || $user->matches($subject);

        if (! $actorQualifies) {
            return false;
        }

        // Admin accounts are protected from deletion regardless of the actor.
        return ! $subject->isAdmin();
    }
}
-
app/Providers/AuthServiceProvider.php
use App\Models\User;
use App\Policies\AuthorPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

/**
 * Registers the model-to-policy mappings shown on this page.
 */
class AuthServiceProvider extends ServiceProvider
{
    //

    /**
     * Model class => policy class.
     *
     * Authorization checks made against a User instance are answered by
     * AuthorPolicy. The bare "//" lines mark parts of the listing that the
     * page leaves out.
     */
    protected $policies = [
        User::class => AuthorPolicy::class,
        //
    ];

    //
}
-
app/Http/Controllers/Admin/UsersController.php
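use App\Models\User;
use App\Policies\AuthorPolicy;
use App\Jobs\BanUser;
use Illuminate\Auth\Access\AuthorizationException;

class UsersController extends Controller
{
    //

    /**
     * Ban the given user account, then send the caller back to the previous page.
     *
     * The ban is dispatched only after the current user passes the
     * AuthorPolicy::BAN check against the target account.
     *
     * @param  User  $user  the account to ban (the policy's $subject)
     *
     * @throws AuthorizationException when the current user fails the ban policy check
     */
    public function ban(User $user): RedirectResponse
    {
        // Fail closed: the authorization exception must propagate. Catching it
        // with an empty handler let execution continue to the ban dispatch
        // below, so the policy never blocked anyone. Left uncaught, the
        // framework's default exception handling turns it into a
        // "forbidden" response and the job is never dispatched.
        $this->authorize(AuthorPolicy::BAN, $user);

        $this->dispatchNow(new BanUser($user));

        return back();
    }

    //
}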