Confusion about Laravel policy arguments

I'm trying to implement Policies in my Laravel application but am having some trouble with the parameters passed.

I have a very basic Policy named EmployeePolicy

<?php

namespace App\Policies;

use App\Models\Employee;
use App\Models\Permission;

class EmployeePolicy
{
/**
* Determine if the given employee can view a permission.
*
* @param Employee $Employee
* @param Permission $Permission
*
* @return bool
*/
public function view(Employee $Employee, Permission $Permission): bool
{
return true;
}
}


This policy is called from a controller function view

public function view (Request $request, Employee $Employee, Permission $Permission) { ... }


from a route which looks like

Route::get('/actions/{employee}/{permission}' [\App\Http\Controllers\ApplicationPermissions::class, 'view'])


In my view function, if I call my Policy with $request->user()->can('view', $Permission), it will always return false (even if I try to dd() in the policy, it will never be called). The policy function will never be called as I assume the function signature is different.

However, if I call my policy with $request->user()->can('view', [Auth::User(), $Permission]) then my policy will return the error

App\\Policies\\EmployeePolicy::view(): Argument #2 ($Permission) must be of type App\\Models\\Permission, App\\Models\\Employee given


I do somewhat understand why it's throwing this error, but I do not understand the proper way to be passing my Permission model to my Employee policy. The documentation has not helped me. Is there something obvious I'm missing?

Continue reading...