Now I am moving the project from CodeIgniter to Laravel5.
I saw in Laracasts that you can use the method Request::authorize()to authorize access before calling the controller, and it returns true or false.
This would be (I think) the ideal solution, since I can contain permission checks in the request, rather than polluting the controller with permission checks and redirects / responses.
The only problem when I return falsefrom is authorize()that it just loads a blank white page with forbidden, and I cannot find the documentation on laravel.com on how to template it (either there is no documentation, or I don’t notice it)
I know that I can edit the 404 page in errors/404.blade.php, but I can’t decide how to configure the 403 page, which I tried to add a custom page 403.blade.phpthat doesn’t display, ( https://mattstauffer.co/blog/laravel-5.0-custom-error -pages )
Is putting these permission checks in the request a good idea? Or am I missing something?
Update
I launched backtrace from authorize(), and it looks like it is issuing UnauthorizedExceptionwhich extends RuntimeException. I tried to catch both in a file routes.phpwhich also does not work.
I also tried to create middleware and call the middleware from a method that also does not work, as the middleware is not even called at all.
2
, , $this->middleware() , , , , .