Taking care of authorization | laravel-comments | Spatie


You are viewing the documentation for **an older version** of this package. You can check the version you are using with the following command:

`composer show spatie/laravel-comments`

Taking care of authorization
============================


By default, only the user that has created a comment may update or delete it. This behaviour is implemented using [a policy](https://laravel.com/docs/9.x/authorization#generating-policies) that is included in the package: `Spatie\LivewireComments\Policies\CommentPolicy`. As the code shows, users returned by `getApprovingUsers()` pass the `update` and `delete` checks as well.

This is the default implementation.

```
namespace Spatie\LivewireComments\Policies;

use Illuminate\Database\Eloquent\Model;
use Spatie\Comments\Models\Comment;
use Spatie\Comments\Models\Concerns\Interfaces\CanComment;

class CommentPolicy
{
    /**
     * @param CanComment|Model $commentator
     * @param Model $commentableModel
     *
     * @return bool
     */
    public function create(?CanComment $user): bool
    {
        return true;
    }

    /**
     * @param CanComment|Model $commentator
     * @param Model $commentableModel
     *
     * @return bool
     */
    public function update(?CanComment $user, Comment $comment): bool
    {
        if ($comment->getApprovingUsers()->contains($user)) {
            return true;
        }

        return $comment->madeBy($user);
    }

    /**
     * @param CanComment|Model $commentator
     * @param Model $commentableModel
     *
     * @return bool
     */
    public function delete(?CanComment $user, Comment $comment): bool
    {
        if ($comment->getApprovingUsers()->contains($user)) {
            return true;
        }

        return $comment->madeBy($user);
    }

    /**
     * @param CanComment|Model $commentator
     * @param Model $commentableModel
     *
     * @return bool
     */
    public function react(CanComment $user, Model $commentableModel): bool
    {
        return true;
    }

    public function see(?CanComment $user, Comment $comment): bool
    {
        if ($comment->isApproved()) {
            return true;
        }

        if (! $user) {
            return false;
        }

        if ($comment->madeBy($user)) {
            return true;
        }

        return $comment->getApprovingUsers()->contains($user);
    }

    public function approve(CanComment $user, Comment $comment): bool
    {
        return $comment->getApprovingUsers()->contains($user);
    }

    public function reject(CanComment $user, Comment $comment): bool
    {
        return $comment->getApprovingUsers()->contains($user);
    }
}
```

Modifying the policy
--------------------------------------------------------------------------------------------------------------------

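To modify the behaviour of the policy, you should create a class that extends the default policy. Let's assume you want to allow admins of your app to be able to update and delete comments by any user.

```
namespace App\Policies;

use Spatie\Comments\Models\Comment;
use Spatie\Comments\Models\Concerns\Interfaces\CanComment;
use Spatie\LivewireComments\Policies\CommentPolicy;

class CustomCommentPolicy extends CommentPolicy
{
    // The parameter types must stay compatible with the parent's
    // `?CanComment $user`; narrowing them to `Model` is a fatal error.
    public function update(?CanComment $user, Comment $comment): bool
    {
        // `$user` is null for guests, so use the nullsafe operator.
        if ($user?->admin) {
            return true;
        }

        // Everyone else falls back to the default author/approver check.
        return parent::update($user, $comment);
    }

    public function delete(?CanComment $user, Comment $comment): bool
    {
        if ($user?->admin) {
            return true;
        }

        return parent::delete($user, $comment);
    }
}
```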

Next, you should add a `policies` key to the `comments` config file and set the `comment` key inside it to the class name of your policy.

```
// copy the `policies` key to `config/comments.php`
return [
    'policies' => [
        /*
         * The class you want to use as the comment policy. It needs to be or
         * extend `Spatie\LivewireComments\Policies\CommentPolicy`.
         */
        'comment' => App\Policies\CustomCommentPolicy::class,
    ],
];
```
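
A regression test for the customised policy described above, pinning down who may update or delete a comment. This is an added example, not code from the package or its documentation. It assumes a Laravel app whose `App\Models\User` implements `CanComment` and has an `admin` attribute, and it calls the policy directly with a Mockery double for `Comment` instead of going through the package's policy registration.

```php
<?php

namespace Tests\Unit;

use App\Models\User; // assumption: implements CanComment and has an `admin` attribute
use App\Policies\CustomCommentPolicy;
use Illuminate\Database\Eloquent\Collection;
use Mockery;
use Spatie\Comments\Models\Comment;
use Tests\TestCase;

class CustomCommentPolicyTest extends TestCase
{
    /** Build an in-memory user; nothing is written to the database. */
    private function user(bool $admin): User
    {
        return (new User())->forceFill(['admin' => $admin]);
    }

    /** Comment double answering only the two calls the default policy makes. */
    private function comment(bool $madeByUser): Comment
    {
        $comment = Mockery::mock(Comment::class);
        $comment->shouldReceive('getApprovingUsers')->andReturn(new Collection()); // no approvers
        $comment->shouldReceive('madeBy')->andReturn($madeByUser);

        return $comment;
    }

    public function test_admin_may_change_a_comment_written_by_someone_else(): void
    {
        $policy = new CustomCommentPolicy();
        $this->assertTrue($policy->update($this->user(true), $this->comment(false)));
        $this->assertTrue($policy->delete($this->user(true), $this->comment(false)));
    }

    public function test_non_admin_may_not_change_a_comment_written_by_someone_else(): void
    {
        $policy = new CustomCommentPolicy();
        $this->assertFalse($policy->update($this->user(false), $this->comment(false)));
        $this->assertFalse($policy->delete($this->user(false), $this->comment(false)));
    }

    public function test_author_keeps_access_without_being_admin(): void
    {
        $policy = new CustomCommentPolicy();
        $this->assertTrue($policy->update($this->user(false), $this->comment(true)));
        $this->assertTrue($policy->delete($this->user(false), $this->comment(true)));
    }
}
```

The second test is the one that catches an override that returns `true` too broadly, for example when `admin` is read from an attribute that is truthy for every user.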
