I created a policy named ProjectPolicy with one function:

public function update(User $user, Project $project)
{
    return $project->owner_id == $user->id;
}

I registered my policy in my AuthServiceProvider as:

protected $policies = [
    'App\Project' => 'App\Policies\ProjectPolicy',
];

Also in the AuthServiceProvider, I have this:

public function boot(Gate $gate)
{
    $this->registerPolicies();

    $gate->before(function ($user) {
        return $user->isAdmin();
    });
}

This is supposed to not apply the policy if the user is admin. But when I do this, it completely takes away the access for non-admin users. Why?

1 Answer

Answer by user1506104:

To fix it, the boot method should be updated as:

public function boot(Gate $gate)
{
    $this->registerPolicies();

    $gate->before(function ($user) {
        return $user->isAdmin() ? true : null;
    });
}

From the Laravel documentation (https://laravel.com/docs/5.8/authorization#intercepting-gate-checks):

If the before callback returns a non-null result that result will be considered the result of the check.
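
The short-circuit rule quoted above, as an added example that is not part of the original answer and is not Laravel's own code: a simplified stand-alone model of the check order, comparing the question's callback with the corrected one. The `MiniGate` class, the array-based users and the sample project are hypothetical and constructed for illustration.

```php
<?php
// Simplified stand-alone model of "before callbacks run first, then the policy".
// MiniGate is hypothetical; it is not Laravel's Gate implementation.
final class MiniGate
{
    private array $before = [];
    private array $abilities = [];

    public function before(callable $callback): void
    {
        $this->before[] = $callback;
    }

    public function define(string $ability, callable $check): void
    {
        $this->abilities[$ability] = $check;
    }

    public function allows(array $user, string $ability, array $resource): bool
    {
        foreach ($this->before as $callback) {
            $result = $callback($user);
            if ($result !== null) {
                return (bool) $result; // any non-null result decides the check
            }
        }
        // No before callback decided: fall through to the ability check (deny if undefined).
        $check = $this->abilities[$ability] ?? null;
        return $check !== null && (bool) $check($user, $resource);
    }
}

// Constructed sample data.
$owner   = ['id' => 1, 'admin' => false];
$admin   = ['id' => 2, 'admin' => true];
$project = ['owner_id' => 1];
$update  = fn (array $u, array $p): bool => $p['owner_id'] === $u['id'];

$broken = new MiniGate();
$broken->define('update', $update);
$broken->before(fn (array $u) => $u['admin']);              // returns false for non-admins
$fixed = new MiniGate();
$fixed->define('update', $update);
$fixed->before(fn (array $u) => $u['admin'] ? true : null); // returns null for non-admins

var_dump($broken->allows($owner, 'update', $project)); // owner, question's callback
var_dump($fixed->allows($owner, 'update', $project));  // owner, corrected callback
var_dump($fixed->allows($admin, 'update', $project));  // admin, corrected callback
```

With the question's callback the `false` returned for a non-admin is itself treated as the answer, so the ownership check is never reached. With the corrected callback an admin's `true` still bypasses every policy, so `isAdmin()` carries the full weight of that decision.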