laravel-json-api / laravel

JSON:API for Laravel applications

Question: Possible to use relationship data during authorisation of an update?

CarstenRuetz opened this issue

Hi all,

First of all, thanks for the great work, I’m starting to love this library :)

My question:
I want to do some custom authorisation checks when updating a relationship.

Example:
A File always belongs to one User. A Person has many Files (where File is an actual Laravel Model).

Now, say I log in as User ‘Carsten’ and as a contact I have Person ‘Dave’.
Now I want to update Person Dave and create a relationship from Person Dave to some File X.
However, I should only be allowed to do this if that File X actually belongs to me, User ‘Carsten’.

I understand how I can do this when using the relationship endpoints of Person (i.e. /people/1/relationships/files):
Create a custom Authorizer, adapt the method updateRelationship() by checking in $request->toMany if it only contains files that are related to User ‘Carsten’.

But is there a way to do such detailed checks on relationships when running an update on person in general?
So a request to /people/1 goes through the Authorizer method update(...)

	public function update(Request $request, object $model): bool
	{
		Log::debug('PersonAuthorizer UPDATE', [$model]);

		return $this->gate->check(
			'update',
			$model
		);

		// return true;
	}

But is there a way to access the relationship data here?
I cannot use $request->toMany, also validation has not run yet, so no $request->validated().
Parameter $model just gives the model (I guess queried from the database)

Is there ANY way to check on the relationship data here?

Thanks, glad to hear you are enjoying using the package.

I'm unclear why you just can't access the relationship from the model?
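
The ownership check the question asks about, as an added example that is not code from this thread or from laravel-json-api: it reads the `files` identifiers straight from the JSON:API document of the `PATCH /people/1` body, which is still unvalidated at authorisation time, and lists the ones the current user does not own. The helper name `unownedRelatedIds`, the ownership table and the sample body are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of laravel-json-api): lists the ids in
// data.relationships.<name>.data that do NOT belong to $userId.
function unownedRelatedIds(array $document, string $name, string $type, array $ownerById, string $userId): array
{
    $relationship = $document['data']['relationships'][$name] ?? null;
    if (!is_array($relationship) || !array_key_exists('data', $relationship)) {
        return []; // relationship absent: this update does not touch it
    }
    $identifiers = $relationship['data'];
    if (!is_array($identifiers) || array_values($identifiers) !== $identifiers) {
        throw new InvalidArgumentException("{$name} must be a to-many identifier list");
    }
    $denied = [];
    foreach ($identifiers as $identifier) {
        $id = is_array($identifier) ? ($identifier['id'] ?? null) : null;
        if (!is_string($id) || ($identifier['type'] ?? null) !== $type) {
            throw new InvalidArgumentException("malformed identifier in {$name}");
        }
        // Fail closed: an id with no known owner counts as not owned.
        if (($ownerById[$id] ?? null) !== $userId) {
            $denied[] = $id;
        }
    }
    return $denied;
}

// Constructed sample: body of PATCH /people/1 sent by user "carsten".
$body = <<<'JSON'
{"data": {"type": "people", "id": "1",
  "attributes": {"name": "Dave"},
  "relationships": {"files": {"data": [
    {"type": "files", "id": "10"},
    {"type": "files", "id": "11"},
    {"type": "files", "id": "99"}
  ]}}}}
JSON;
$document = json_decode($body, true, 512, JSON_THROW_ON_ERROR);

// Constructed ownership table standing in for a File lookup by id.
$ownerById = ['10' => 'carsten', '11' => 'erin'];

$denied = unownedRelatedIds($document, 'files', 'files', $ownerById, 'carsten');
echo $denied === [] ? "allow\n" : 'deny: ' . implode(', ', $denied) . "\n";
// Inside the authorizer's update(), $document would come from Laravel's
// $request->json()->all(), and the result would be combined with the gate check.
```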