Authorization

You're browsing the documentation for an old version of MoonShine. Consider upgrading your project to MoonShine 2.x.

We stick to the Laravel concept, so using the Laravel policy we can operate access rights from the MoonShine admin panel

MoonShine resource controllers check each method for permissions. If difficulties arise, check the official Laravel documentation

By default, permission checking is disabled for resources. To enable it, you must add the $withPolicy property

Available Policy methods:

viewAny
view
create
update
delete
massDelete
restore
forceDelete

namespace App\Policies;
 
use Illuminate\Auth\Access\HandlesAuthorization;
use MoonShine\Models\MoonshineUser;
use App\Models\Post;
 
class PostPolicy
{
    use HandlesAuthorization;
 
    public function viewAny(MoonshineUser $user)
    {
        //
    }
 
    public function view(MoonshineUser $user, Post $model)
    {
        //
    }
 
    public function create(MoonshineUser $user)
    {
        //
    }
 
    public function update(MoonshineUser $user, Post $model)
    {
        //
    }
 
    public function delete(MoonshineUser $user, Post $model)
    {
        //
    }
 
    public function massDelete(MoonshineUser $user)
    {
        //
    }
 
    public function restore(MoonshineUser $user, Post $model)
    {
        //
    }
 
    public function forceDelete(MoonshineUser $user, Post $model)
    {
        //
    }
}

namespace App\Policies;

use Illuminate\Auth\Access\HandlesAuthorization;
use MoonShine\Models\MoonshineUser;
use App\Models\Post;

class PostPolicy
{
    use HandlesAuthorization;

    public function viewAny(MoonshineUser $user)
    {
        //
    }

    public function view(MoonshineUser $user, Post $model)
    {
        //
    }

    public function create(MoonshineUser $user)
    {
        //
    }

    public function update(MoonshineUser $user, Post $model)
    {
        //
    }

    public function delete(MoonshineUser $user, Post $model)
    {
        //
    }

    public function massDelete(MoonshineUser $user)
    {
        //
    }

    public function restore(MoonshineUser $user, Post $model)
    {
        //
    }

    public function forceDelete(MoonshineUser $user, Post $model)
    {
        //
    }
}

namespace MoonShine\Resources;
 
use MoonShine\Models\MoonshineUser;
 
class PostResource extends Resource
{
//...
 
public static bool $withPolicy = true; 
 
//...
}

namespace MoonShine\Resources;

use MoonShine\Models\MoonshineUser;

class PostResource extends Resource
{
//...

public static bool $withPolicy = true;

//...
}