/** * Filter request input by a policy function that provides a whitelist of * attribute names based on a user's privilege over the $record for the * $action specified. * * @api * @see self::authorizerAttributes() * @param mixed $record * @param string|null $action * @return array */ public function permittedAttributes($record, $action = null) { $whitelist = (new Authorizer())->permittedAttributes($this->authorizerUser(), $record, $action); $attributes = new Transformer($this->authorizerAttributes()); return $attributes->only($whitelist); }