Policies (Laravel Forum 6.x)

Policies

Four Authorization Policies are defined to provide default permission checks. You can override them and change the corresponding namespaces specified in the forum.integration.policies config value to allow or deny forum abilities to different users.

Note that every policy method must return a boolean (true to allow or false to deny).

Forum

TeamTeaTime\Forum\Policies\ForumPolicy

This policy defines a few top-level abilities that don’t apply to a specific category, thread, or post.

Methods in this policy accept a $user parameter.

AbilityDescription
createCategoriesAllows creating categories at any level.
moveCategoriesAllows relocating and reordering categories.
editCategoriesAllows editing non-hierarchical category fields. Checked before CategoryPolicy::edit.
deleteCategoriesAllows deleting categories. Checked before CategoryPolicy::delete.
markThreadsAsReadAllows marking new/updated threads as read.
viewTrashedThreadsAllows viewing threads that have been soft-deleted.
viewTrashedPostsAllows viewing posts that have been soft-deleted.

Category

TeamTeaTime\Forum\Policies\CategoryPolicy

This policy defines abilities pertaining to individual categories.

Methods in this policy accept $user and $category parameters.

AbilityDescription
viewAllows viewing the category (if it’s set to be private) and anything inside it, including child categories. Checked before ThreadPolicy::view when browsing/viewing threads.
editAllows editing non-hierarchical category fields.
deleteAllows deletion of the category.
createThreadsAllows new thread creation in the category.
manageThreadsEncompasses thread modifying/deleting abilities in the category.
deleteThreadsAllows deleting threads in the category. Checked before ThreadPolicy::delete.
restoreThreadsAllows restoring threads in the category. Checked before ThreadPolicy::restore.
moveThreadsFromAllows moving threads from the category.
moveThreadsToAllows moving threads to the category.
lockThreadsAllows (un)locking of threads in the category.
pinThreadsAllows (un)pinning of threads in the category.
markThreadsAsReadAllows marking new/updated threads in this category as read.

manageThreads is a shortcut that checks for any of the following abilities and should not need to be overridden in most cases:

  • deleteThreads
  • restoreThreads
  • moveThreadsFrom
  • lockThreads
  • pinThreads

The view ability cascades to descendant categories, even those set as public. A user cannot access a category if it has an inaccessible ancestor.

Thread

TeamTeaTime\Forum\Policies\ThreadPolicy

This policy defines abilities pertaining to individual threads.

Methods in this policy accept $user and $thread parameters.

AbilityDescription
viewAllows viewing the thread. CategoryPolicy::view is checked first.
deletePostsAllows deleting posts in the thread. Checked before PostPolicy::delete.
restorePostsAllows restoring posts in the thread. Checked before PostPolicy::restore.
renameAllows renaming the thread.
replyAllows replying to the thread (creating a new post).
deleteAllows deleting the thread. CategoryPolicy::deleteThreads is checked first.
restoreAllows restoring the thread. CategoryPolicy::restoreThreads is checked first.

Post

TeamTeaTime\Forum\Policies\PostPolicy

This policy defines abilities pertaining to individual posts.

Methods in this policy accept $user and $post parameters.

AbilityDescription
editAllows editing the post.
deleteAllows deleting the post. ThreadPolicy::deletePosts is checked first.
restoreAllows restoring the post. ThreadPolicy::restorePosts is checked first.