hasPermission('user.'.$ability)) { return $this->allow(); } } /** * @param User $actor * @param User $user */ public function editCredentials(User $actor, User $user) { if ($user->isAdmin() && ! $actor->isAdmin()) { return $this->deny(); } if ($actor->hasPermission('user.editCredentials')) { return $this->allow(); } } }