This isn’t an in-depth article on the topic. There are plenty of those around. However, I found it difficult to find a simple implementation for basic authorization. Below is a simple guard that checks if a user owns the relationship or if they are an admin, which are the only ways somebody can view the resource. The below code goes into your applications AuthServiceProvider.php file inside the boot() method.
Gate::define('show-user-relationship', function ($user, UserRelationship $relationship){
$admin_role_id = Role::where('name', 'admin')->first()->id;
return $user->id === $relationship->user_id || $user->role_id === $admin_role_id;
});
Then to use the gate, you can call it at such.
$user_relationship = UserRelationship::where(...)->first();
if (Gate::allows('show-user-relationship', $user_relationship))
//do something
}
Checkout the official docs for more information:
