public function show($id)
{
    $this->article = Article::find($id); // Tip: instead of $id, you can use $this->params['id']
    $this->authorize('read', $this->article);
    // But you still need to return the view
    return view('articles.show', compact_property($this, 'article'));
}
A 'message' option can be passed to specify a different message.
$this->authorize('read', $this->article, ['message' => "Not authorized to read ".$this->article->name]);
You can also use I18n to customize the message. Action aliases defined in Authority work here.
return [
    'unauthorized' => [
        'manage' => [
            'all' => "Not authorized to :action :subject.",
            'user' => "Not allowed to manage other user accounts.",
        ],
        'update' => [
            'project' => "Not allowed to update this project."
        ],
    ],
];
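How a denied action could be matched against the keys in this file, as an added plain-PHP illustration that is not AuthorityController's own code. The helper name unauthorizedMessage(), the lookup order (exact subject before 'all', exact action before 'manage') and the default string are assumptions, and action aliases are not modelled.

```php
<?php
// Added illustration, not part of AuthorityController.

// Constructed sample: the 'unauthorized' array from the language file above.
$messages = [
    'manage' => [
        'all'  => 'Not authorized to :action :subject.',
        'user' => 'Not allowed to manage other user accounts.',
    ],
    'update' => [
        'project' => 'Not allowed to update this project.',
    ],
];

/**
 * Resolve the message for a denied action (hypothetical helper).
 * Assumed precedence: the exact subject is tried before 'all', and for each
 * subject the exact action is tried before the 'manage' catch-all.
 */
function unauthorizedMessage(array $messages, string $action, string $subject): string
{
    foreach ([$subject, 'all'] as $trySubject) {
        foreach ([$action, 'manage'] as $tryAction) {
            if (isset($messages[$tryAction][$trySubject])) {
                // Only the action and the subject type are substituted, so the
                // text never carries attributes of the record that was denied.
                return strtr($messages[$tryAction][$trySubject], [
                    ':action'  => $action,
                    ':subject' => $subject,
                ]);
            }
        }
    }

    // Constructed default for when no key matches at all.
    return 'You are not authorized to access this page.';
}

// Exact action and subject match.
echo unauthorizedMessage($messages, 'update', 'project'), PHP_EOL;
// No 'destroy' key, so the 'manage' entry for the subject applies.
echo unauthorizedMessage($messages, 'destroy', 'user'), PHP_EOL;
// Nothing specific matches, so 'manage' => 'all' is used with placeholders filled.
echo unauthorizedMessage($messages, 'read', 'article'), PHP_EOL;
```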
You can catch the exception and modify its behavior in the render() method of the app/Exceptions/Handler.php file.
For example, here we set the error message to a flash and redirect to the home page.
// render() builds the HTTP response; a value returned from report() is ignored by Laravel.
public function render($request, Exception $e)
{
    if ($e instanceof \Efficiently\AuthorityController\Exceptions\AccessDenied) {
        $msg = $e->getMessage();
        \Log::error('Access denied! '.$msg);
        return redirect()->route('home')->with('flash_alert', $msg);
    }
    return parent::render($request, $e);
}
// code...
See the Efficiently\AuthorityController\Exceptions\AccessDenied exception for more details on working with the exception.
See the loadAndAuthorizeResource() method to automatically add the authorize() behavior
to the default RESTful actions.