Policies (Laravel Forum 6.x)
Policies
Four Authorization Policies are defined to provide default permission checks. You can override them and change the corresponding namespaces specified in the forum.integration.policies
config value to allow or deny forum abilities to different users.
Note that every policy method must return a boolean (true
to allow or false
to deny).
Forum
TeamTeaTime\Forum\Policies\ForumPolicy
This policy defines a few top-level abilities that don’t apply to a specific category, thread, or post.
Methods in this policy accept a $user
parameter.
Ability | Description |
---|---|
createCategories | Allows creating categories at any level. |
moveCategories | Allows relocating and reordering categories. |
editCategories | Allows editing non-hierarchical category fields. Checked before CategoryPolicy::edit . |
deleteCategories | Allows deleting categories. Checked before CategoryPolicy::delete . |
markThreadsAsRead | Allows marking new/updated threads as read. |
viewTrashedThreads | Allows viewing threads that have been soft-deleted. |
viewTrashedPosts | Allows viewing posts that have been soft-deleted. |
Category
TeamTeaTime\Forum\Policies\CategoryPolicy
This policy defines abilities pertaining to individual categories.
Methods in this policy accept $user
and $category
parameters.
Ability | Description |
---|---|
view | Allows viewing the category (if it’s set to be private) and anything inside it, including child categories. Checked before ThreadPolicy::view when browsing/viewing threads. |
edit | Allows editing non-hierarchical category fields. |
delete | Allows deletion of the category. |
createThreads | Allows new thread creation in the category. |
manageThreads | Encompasses thread modifying/deleting abilities in the category. |
deleteThreads | Allows deleting threads in the category. Checked before ThreadPolicy::delete . |
restoreThreads | Allows restoring threads in the category. Checked before ThreadPolicy::restore . |
moveThreadsFrom | Allows moving threads from the category. |
moveThreadsTo | Allows moving threads to the category. |
lockThreads | Allows (un)locking of threads in the category. |
pinThreads | Allows (un)pinning of threads in the category. |
markThreadsAsRead | Allows marking new/updated threads in this category as read. |
manageThreads
is a shortcut that checks for any of the following abilities and should not need to be overridden in most cases:
deleteThreads
restoreThreads
moveThreadsFrom
lockThreads
pinThreads
The view
ability cascades to descendant categories, even those set as public. A user cannot access a category if it has an inaccessible ancestor.
Thread
TeamTeaTime\Forum\Policies\ThreadPolicy
This policy defines abilities pertaining to individual threads.
Methods in this policy accept $user
and $thread
parameters.
Ability | Description |
---|---|
view | Allows viewing the thread. CategoryPolicy::view is checked first. |
deletePosts | Allows deleting posts in the thread. Checked before PostPolicy::delete . |
restorePosts | Allows restoring posts in the thread. Checked before PostPolicy::restore . |
rename | Allows renaming the thread. |
reply | Allows replying to the thread (creating a new post). |
delete | Allows deleting the thread. CategoryPolicy::deleteThreads is checked first. |
restore | Allows restoring the thread. CategoryPolicy::restoreThreads is checked first. |
Post
TeamTeaTime\Forum\Policies\PostPolicy
This policy defines abilities pertaining to individual posts.
Methods in this policy accept $user
and $post
parameters.
Ability | Description |
---|---|
edit | Allows editing the post. |
delete | Allows deleting the post. ThreadPolicy::deletePosts is checked first. |
restore | Allows restoring the post. ThreadPolicy::restorePosts is checked first. |