To enable permissions checking in MoonShine resource controllers, you need to follow these steps:
1. Set the `withPolicy` Property: In your resource class, set the `withPolicy` property to `true`. This property determines whether permissions checking is enabled for the resource controller.
```php
namespace App\MoonShine\Resources;

use App\Models\Post;
use MoonShine\Resources\ModelResource;

class PostResource extends ModelResource
{
    protected string $model = Post::class;

    protected bool $withPolicy = true; // Enable permissions checking
}
```
2. Create a Policy: Use the Artisan command to create a policy for your resource. This policy will define the permissions for various actions (like view, create, update, delete).
```bash
php artisan moonshine:policy
```
3. Define Policy Methods: In the generated policy class, implement methods for each action you want to control. The available methods include:
- `viewAny`: for listing resources
- `view`: for viewing a single resource
- `create`: for creating a new resource
- `update`: for updating an existing resource
- `delete`: for deleting a resource
- `massDelete`: for bulk deletion
- `restore`: for restoring a soft-deleted resource
- `forceDelete`: for permanently deleting a resource
Example policy implementation:
```php
namespace App\Policies;

use App\Models\Post;
use Illuminate\Auth\Access\HandlesAuthorization;
use MoonShine\Models\MoonshineUser;

class PostPolicy
{
    use HandlesAuthorization;

    // Every method below is a placeholder that allows every user.
    // Replace each `return true` with your own logic.

    public function viewAny(MoonshineUser $user): bool
    {
        return true;
    }

    public function view(MoonshineUser $user, Post $item): bool
    {
        return true;
    }

    public function create(MoonshineUser $user): bool
    {
        return true;
    }

    public function update(MoonshineUser $user, Post $item): bool
    {
        return true;
    }

    public function delete(MoonshineUser $user, Post $item): bool
    {
        return true;
    }

    public function massDelete(MoonshineUser $user): bool
    {
        return true;
    }

    public function restore(MoonshineUser $user, Post $item): bool
    {
        return true;
    }

    public function forceDelete(MoonshineUser $user, Post $item): bool
    {
        return true;
    }
}
```
4. Additional Authorization Logic: If you need to add more complex authorization logic, you can use the `defineAuthorization` method in the `AuthServiceProvider`.
By following these steps, you can effectively enable and manage permissions checking in your MoonShine resource controllers, ensuring that access is appropriately controlled based on user roles and permissions[1][2].
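The placeholder policy from step 3 with its `return true` bodies replaced by ownership and role checks, as an added example that is not taken from the MoonShine documentation. It assumes that role id 1 is the administrator role, that the admin user row has a `moonshine_user_role_id` column, and that posts carry a hypothetical `author_id` column.

```php
<?php

namespace App\Policies;

use App\Models\Post;
use Illuminate\Auth\Access\HandlesAuthorization;
use MoonShine\Models\MoonshineUser;

class PostPolicy
{
    use HandlesAuthorization;

    // Assumption: role id 1 is the administrator role in this installation.
    private const ADMIN_ROLE_ID = 1;

    // Assumption: the admin user row carries a moonshine_user_role_id column.
    private function isAdmin(MoonshineUser $user): bool
    {
        return (int) $user->moonshine_user_role_id === self::ADMIN_ROLE_ID;
    }

    // Assumption: posts have an author_id column (hypothetical) naming the owner.
    private function owns(MoonshineUser $user, Post $item): bool
    {
        return $item->author_id !== null
            && (int) $item->author_id === (int) $user->getKey();
    }

    // Any authenticated panel user may list and create posts.
    public function viewAny(MoonshineUser $user): bool { return true; }
    public function create(MoonshineUser $user): bool { return true; }

    // Single-record actions: the owner or an administrator.
    public function view(MoonshineUser $user, Post $item): bool
    {
        return $this->isAdmin($user) || $this->owns($user, $item);
    }
    public function update(MoonshineUser $user, Post $item): bool
    {
        return $this->isAdmin($user) || $this->owns($user, $item);
    }
    public function delete(MoonshineUser $user, Post $item): bool
    {
        return $this->isAdmin($user) || $this->owns($user, $item);
    }

    // Bulk and irreversible actions: administrators only.
    public function massDelete(MoonshineUser $user): bool { return $this->isAdmin($user); }
    public function restore(MoonshineUser $user, Post $item): bool { return $this->isAdmin($user); }
    public function forceDelete(MoonshineUser $user, Post $item): bool { return $this->isAdmin($user); }
}
```

`viewAny` receives no record, so it cannot filter the list by owner; limiting which rows appear in the index needs a query-level restriction in addition to this policy.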
Citations:
[1] https://moonshine-laravel.com/docs/resource/advanced/advanced-authorization
[2] https://moonshine-laravel.com/docs/resource/models-resources/resources-authorization
[3] https://github.com/SWEET1S/moonshine-roles-permissions
[4] https://moonshine-laravel.com/docs/resource/advanced/advanced-authentication
[5] https://moonshine.cutcode.dev/section/resources-index
[6] https://github.com/SWEET1S/moonshine-database
[7] https://stackoverflow.com/questions/7088486/best-way-to-do-permissions-checks-in-controllers
[8] https://moonshine-laravel.com