[FIXED] Laravel Controller update model from different users

Issue

In my Laravel application, I have a Model called Project which has, among others, a property called approved_at. There is also a ProjectController, which contains the usual methods *(index, show, create, update, edit...)

Now, the user that created the Project can edit it (modifying its other attributes), but only some "staff" members have the right to approve one.

From what I understand, there can be two ways to handle the approval operation:

1. Both users, from their respective views (let's call them edit and approve) fire the ProjectController@update method, which will internally distinguish who-can-do-what by means of authorization or policies;
2. I create a new ProjectApprovalController, with its own update method, and check the authorization at the endpoint (eg, /projects/{id}/approve).

What is the best approach to tackle this behaviour?

Solution

It depends on what do you want to do with this in the future. If there would be some kind of extra steps to do behind the approve method for example: connection to external micro service to check if project exists in external database with subsidies then you should definitely split it.

If you don’t mind I would suggest you to not focus so much on the implementation. Your application should be removable as fast as you build it. There is a great presentation about this from Greg Young called ‘The Art of Destroying Software’. Be more focus to build your solution with SOLID principles and test the behaviour of this method to make it easier to replace in the future.

to answer your question, second option is more restful approach, but I don’t know if that is not shooting to fly with a cannon

Answered By - Kacper Majczak