authorize method

bool authorize(
  1. Request request
)

Determine if the user is authorized to make this request.

This method is called before validation to check if the current user has permission to perform the action. Return true to allow the request, or false to deny it.

The default implementation returns true, allowing all requests. Override this method to implement authorization logic.

If this method returns false, an UnauthorizedException will be thrown immediately, before any validation occurs.

Example:

@override
bool authorize(Request request) {
  final user = request.user();
  if (user == null) return false;

  // Check user permissions
  return user.can('create-posts') || user.hasRole('admin');
}

// Or check request parameters
@override
bool authorize(Request request) {
  final postId = request.input('post_id');
  if (postId != null) {
    final post = Post.find(postId);
    return post?.user_id == request.user()?.id;
  }
  return true;
}

Parameters:

  • request: The request instance being validated

Returns: true if the request is authorized, false otherwise

Implementation

bool authorize(Request request) => true;