Permissions for owners

[Sirick93]

Hello,
I am new to laravel and the custom packages that other people develop. As i was checking what laravel-permission can do, I didnt find anywhere how it deals with the situation that only an owner of a particular object (ex. a post) can edit and delete it and not a role of editor. If a user has a the role 'Editor' that can create, edit and delete contradicts the user that can only edit and delete their own posts. The solutions i found were still using the guard-policy techniques which are offered by default with laravel. So how can only roles have permissions? Is there anything i miss or didnt understand?

[parallels999]

https://laravel.com/docs/10.x/authorization#policy-methods
https://spatie.be/docs/laravel-permission/v5/best-practices/roles-vs-permissions

[drbyte]

Correct. You will still use policies to implement it.

And you can still do all the authorizing based on can, which uses permissions.
(And then users can be assigned groups of permissions by assigning them a role which has relevant permissions.)

In addition to the links posted above, see:
https://spatie.be/docs/laravel-permission/best-practices/using-policies

[Sirick93]

Ok i managed to get it working. I understood that can() checks first for role then permission then policy. But in order to match permission with policy, the permission naming has to be like [policy method name]-[policy/model name]. Why in the spatie documentation the permission names are like:
Permission::create(['name' => 'edit articles']); ?

[drbyte]

But in order to match permission with policy, the permission naming has to be like [policy method name]-[policy/model name].

Why do you say that?