In this episode, we're diving into basic permission and authorization checking in an Inertia (Laravel + Vue) setup. We start by looking at how to define and use policies in Laravel to decide what actions users are allowed to perform—in our example, we're focusing on who can reply to a discussion.
You'll see that we set up a new policy method for replying to discussions. Right now, it's a simple return true
for demonstration purposes, but we talk about how to expand this logic to handle more complex situations (like when a discussion is locked).
We then show how to pass these permissions down to the frontend via Laravel Resources by introducing a userCan
array. This way, in your Vue components, you can simply check if e.g., userCan.reply
is true before showing reply buttons or other UI elements.
Next, we walk through updating the Vue components so the "Reply" button appears only if the user has permission. You get a quick demo of what happens when permissions change, and how the UI updates in real-time.
Finally, we connect things up so that clicking the reply button triggers the appropriate reply form—thanks to a composable function that manages the reply state.
Throughout the episode, you’ll see practical ways to keep you backend and frontend closely in sync when it comes to permissions. We'll keep building on these basics, adding more nuanced permissions and UI interactions in later episodes!