2

I am following Jeffrey's Laravel fundamentals series and I'm stuck at some point.

How can I ensure that the current user can only edit/update his own article?

I have the feeling that I have to focus on my ArticleRequest class, but I have no idea what to tell Laravel to do inside authorize().

My ArticlesController:

<?php
namespace App\Http\Controllers;

use App\Article;
use Carbon\Carbon;
use App\Http\Requests\ArticleRequest;
use App\Http\Requests;
use Illuminate\Http\Request;
use Auth;

class ArticlesController extends Controller
{

public function __construct() {
  $this->middleware('auth');
}


public function index() {

  $articles = Article::latest('published_at')->published()->get();
  return view('articles.index')->withArticles($articles);
}

public function show($id) {

  $article = Article::findOrFail($id);
  //dd($article->created_at->diffForHumans());
  return view('articles.show')->withArticle($article);
}

public function create() {

  return view('articles.create');
}


public function store(ArticleRequest $request) {

  //Create a new article with the attributes from the form
  $article = new Article($request->all());
  //Get the authenticated user's articles and save a new one (passed through the $article object)
  Auth::user()->articles()->save($article);

  return redirect('articles');
}

public function edit($id) {

  $article = Article::findOrFail($id);
  return view('articles.edit')->withArticle($article);
}


public function update($id, ArticleRequest $request) {

  $article = Article::findOrFail($id);
  $article->update($request->all());
  return redirect('articles');

 }
}

ArticleRequest:

<?php

namespace App\Http\Requests;

use App\Http\Requests\Request;

class ArticleRequest extends Request
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {


        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {

        return [
            'title' => 'required',
            'body' => 'required',
            'published_at' => 'required|date'
        ];
    }
}

My ArticlesTable Schema:

Schema::create('articles', function (Blueprint $table) {
          $table->increments('id');
          $table->integer('user_id')->unsigned();
          $table->string('title');
          $table->text('body');
          $table->timestamp('created_at');
          $table->timestamp('published_at');

          $table->foreign('user_id')
                ->references('id')
                ->on('users')
                ->onDelete('cascade');

      });
User42
Steve Brown
Create a policy and then use the authorize function to apply it in your controller's "update" action. More about policies here: https://laravel.com/docs/5.2/authorization#policies. Advice: do not depend only on Laracasts; search the API, documentation, and web for more solutions. – ClearBoth Jul 20 '16 at 06:30
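One way to write the ownership check inside authorize(), shown as an added example that is not part of the original question or its comments. It assumes the route parameter is named `articles` (hypothetical here, since the routes file is not shown) and reuses the `articles()` relation that store() already calls.

```php
<?php

namespace App\Http\Requests;

use App\Http\Requests\Request;

class ArticleRequest extends Request
{
    /**
     * Allow the request only when the article being changed belongs to the
     * authenticated user. Returning false makes Laravel respond with 403
     * before validation and before the controller action runs.
     *
     * @return bool
     */
    public function authorize()
    {
        // The 'auth' middleware should already guarantee a user; fail closed if not.
        $user = $this->user();
        if ($user === null) {
            return false;
        }

        // Assumption: the route parameter is called "articles". Replace it with
        // the placeholder name used in your own route definition.
        $id = $this->route('articles');

        // store() shares this request class and has no article id in its route:
        // any authenticated user may create an article.
        if ($id === null) {
            return true;
        }

        // Look the article up through the user's own articles() relation, so an
        // id that belongs to another user never matches.
        return $user->articles()->where('id', $id)->exists();
    }

    /**
     * Validation rules, unchanged from the question.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'title' => 'required',
            'body' => 'required',
            'published_at' => 'required|date'
        ];
    }
}
```

The edit() action does not receive an ArticleRequest, so this check does not cover it; scoping its lookup the same way, `Auth::user()->articles()->findOrFail($id)`, returns a 404 for articles owned by someone else.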

2 Answers

0

I can give you some advice.

In most of my projects I use Entrust Laravel.

Here is the link: Entrust Laravel

You can install it easily with Composer:

composer require zizaco/entrust:5.2.x-dev

The version depends on the Laravel framework version you are using.

If you go through the documentation you can see this:

class Permission extends EntrustPermission
{
}

Create this class in the App directory.

After this you will have this Blade code:

@permission('manage-admins')
    <p>This is visible to users with the given permissions. Gets translated to 
    \Entrust::can('manage-admins'). The @can directive is already taken by core 
    laravel authorization package, hence the @permission directive instead.</p>
@endpermission

Easy, but you have to go through the documentation.

Let me know if you need anything else.

Mandeep Gill
0

For adding roles and permissions you can use the GitHub package zizaco/entrust. Click here.

Check how to add roles and permissions. Check all the answers given by me at the link below.

Click on the link for an example.

Community
Veerendra Borra