I have a small application written with Laravel 5.3. At some point I check whether the logged-in user is allowed to edit, change or delete a certain post:
    if (!$post = Auth::user()->posts()->where('id', $id)->first()) {
        return redirect()->route('post.index')
            ->with(['status' => 'danger', 'mensagem' => 'Este post não te pertence!']);
    }
How can I create a policy and use it so that the admin (super admin) and the owner of the post are the only ones to have permission on the post?
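
One way to express this check as a Laravel 5.3 policy, as an added example that is not part of the original question. The `is_admin` column on users and the `user_id` foreign key on posts are assumptions about the schema:

```php
<?php
// app/Policies/PostPolicy.php (added example; generate with: php artisan make:policy PostPolicy)

namespace App\Policies;

use App\Post;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class PostPolicy
{
    use HandlesAuthorization;

    // Runs before every ability check in this policy. Returning true allows
    // the action outright; returning null falls through to the ability method.
    // ASSUMPTION: users have a boolean `is_admin` column marking super admins.
    public function before(User $user, $ability)
    {
        if ($user->is_admin) {
            return true;
        }
    }

    public function update(User $user, Post $post)
    {
        return $this->owns($user, $post);
    }

    public function delete(User $user, Post $post)
    {
        return $this->owns($user, $post);
    }

    // ASSUMPTION: posts.user_id is the foreign key behind $user->posts().
    // Cast both sides: some database drivers return ids as strings.
    private function owns(User $user, Post $post)
    {
        return (int) $user->id === (int) $post->user_id;
    }
}

// Register it in App\Providers\AuthServiceProvider:
//     protected $policies = [\App\Post::class => \App\Policies\PostPolicy::class];
//
// Then in the controller, replacing the ownership query:
//     $post = Post::findOrFail($id);
//     $this->authorize('update', $post); // throws AuthorizationException (HTTP 403) when denied
```

To keep the redirect with the flash message instead of a 403 response, test `Auth::user()->cannot('update', $post)` in the controller and return the existing redirect when it is true.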