Authorization
When using Inertia, authorization is best handled server-side in your application’s authorization policies. However, you may be wondering how to perform checks against your authorization policies from within your Inertia page components since you won’t have access to your framework’s server-side helpers.
The simplest approach to solving this problem is to pass the results of your authorization checks as props to your page components.
using InertiaCore;using Microsoft.AspNetCore.Authorization;
public class UsersController : Controller{ private readonly AppDbContext _context; private readonly IAuthorizationService _authorizationService;
public UsersController( AppDbContext context, IAuthorizationService authorizationService) { _context = context; _authorizationService = authorizationService; }
public async Task<IActionResult> Index() { var createUser = (await _authorizationService .AuthorizeAsync(User, "CreateUser")).Succeeded;
var users = new List<object>(); foreach (var user in _context.Users) { var editUser = (await _authorizationService .AuthorizeAsync(User, user, "EditUser")).Succeeded;
users.Add(new { user.FirstName, user.LastName, user.Email, Can = new { EditUser = editUser }, }); }
return Inertia.Render("Users/Index", new { Can = new { CreateUser = createUser }, Users = users, }); }}class UsersController extends Controller{ public function index() { return Inertia::render('Users/Index', [ 'can' => [ 'create_user' => Auth::user()->can('create', User::class), ], 'users' => User::all()->map(function ($user) { return [ 'first_name' => $user->first_name, 'last_name' => $user->last_name, 'email' => $user->email, 'can' => [ 'edit_user' => Auth::user()->can('edit', $user), ] ]; }), ]); }}