Laravel - Authorization - Controller Actions That Dont Require Models
As previously discussed, some policy methods like create
do not require a model instance. In these situations, you should pass a class name to the authorize
method. The class name will be used to determine which policy to use when authorizing the action:
use App\Models\Post;
use Illuminate\Http\Request;
/**
* Create a new blog post.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function create(Request $request)
{
$this->authorize('create', Post::class);
// The current user can create blog posts...
}