Authorization in nested resource

[Barbapapazes]

Hello,

I'm facing an issue with the Gate facade.

I have a resource called talk and another called question. question is a nested resource of talk so the controller name is TalkQuestionController.

I also have 2 policies TalkPolicy and TalkQuestionPolicy. In the TalkQuestionPolicy, I have the following create method:

    public function create(User $user, Talk $talk): bool
    {
        return $user->id === $talk->user_id ?
            Response::allow() :
            Response::denyAsNotFound();
    }

Since it's a nested resource, I want to deny users to create a question to a talk they do not own. But with the following rules in my TalkQuestionController:

    public function create(Talk $talk)
    {
        Gate::authorize('question', $talk);

        return Inertia::render('Questions/Create');
    }

The policy called is TalkPolicy which is not the one that should be. How could I called the TalkQuestionPolicy?

[Barbapapazes]

Ok, I found a solution.

I rename TalkQuestionPolicy to QuestionPolicy to match the model name. Then, I pass the question class as first argument and then the talk.

    public function create(Talk $talk)
    {
        Gate::authorize('create', [Question::class, $talk]);

        return Inertia::render('Questions/Create');
    }

I think, the documentation could contains more example of nested resource!