can/cannot

The @can and the @cannot tags are contributed by the @adonisjs/bouncer package. It allows you write conditionals around the bouncer permissions.

  • Both are block-level tags.
  • They accept the action name as the first argument, followed by the data accepted by the action.
@can('editPost', post)
<a href="{{ route('posts.edit', [post.id]) }}"> Edit </a>
@end
@can('deletePost', post)
<a href="{{ route('posts.delete', [post.id]) }}"> Delete </a>
@end

You can reference the actions on a policy by passing a string containing both the policy name and the action name separated by the dot notation.

@can('PostPolicy.edit', post)
<a href="{{ route('posts.edit', [post.id]) }}"> Edit </a>
@end

Passing authorizer for a different user

The @can and the @cannot tags authorize the actions against the currently logged-in user. If the underlying bouncer/policy action needs a different user, you will have to pass an explicit authorizer instance.

@can('PostPolicy.edit', bouncer.forUser(admin), post)
@end

In the above example, the second argument, bouncer.forUser(admin) is a child instance of bouncer for a specific user, followed by the action arguments.