Create simple gym management in Laravel part 1.2: permission management, easy authorization with Laravel Gate (official authorization package)
In the previous part we set up users and groups. To continue, I've implemented Laravel Gate and will show how the package works.
When you go through the Laravel documentation, it gives you two keywords:
Gate and Policies
Gate is the class that performs the whole authorization cycle, and a Policy is a class that organizes a group of gates, separated however you want.
There are just four steps that you will learn in this chapter:
- generate the Policy classes
- check that the user is authorized to perform an action
- register the Policies in AuthServiceProvider
- perform the check in the controller or many other places, using many helpers
generate Policies class
First we will control authorization for groups and users.
We create the policy classes with artisan:
php artisan make:policy GroupPolicy --model=Group
php artisan make:policy UserPolicy --model=User
That generates a class from a template.
check that the user is authorized to perform an action
The functions in a policy class are used to check the permission that matches an action in a controller.
public function create(User $user) {
    // strict comparison (third argument) so only an exact string match grants access
    return in_array('group.create', $user->group->permission, true);
}
We use in_array to check whether the current action is in the currently logged-in user's permissions.
group.create comes from the Group controller and its create function, and $user->group->permission is an array containing the list of permissions that we created in the previous chapter.
in_array returns a boolean, which is easy for us.
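A hardened form of the permission check described above, as an added example that is not part of the original article: it shows the check failing closed when the group or the permission list is missing or malformed. It assumes PHP 8.0+; the stand-in User and Group classes, the hasPermission helper and the sample data are hypothetical and constructed here, not the project's Eloquent models.

```php
<?php
// Added example: plain PHP 8 stand-ins for the tutorial's User and Group models.
// Class shapes, hasPermission() and all sample data are constructed for illustration.
declare(strict_types=1);

final class Group
{
    public function __construct(public mixed $permission = null) {}
}

final class User
{
    public function __construct(public ?Group $group = null) {}
}

/** Hypothetical helper: true only if the user's group explicitly lists $ability. */
function hasPermission(User $user, string $ability): bool
{
    $permissions = $user->group?->permission;  // null when the user has no group
    if (is_string($permissions)) {             // e.g. a JSON column that was never cast
        $permissions = json_decode($permissions, true);
    }
    if (!is_array($permissions)) {
        return false;                          // fail closed on missing or malformed data
    }
    return in_array($ability, $permissions, true); // strict: no type juggling
}

// Constructed cases: [user, expected result for 'group.create'].
$cases = [
    'admin with group.create'   => [new User(new Group(['group.create', 'group.edit'])), true],
    'member without it'         => [new User(new Group(['group.view'])), false],
    'user with no group'        => [new User(), false],
    'permission stored as JSON' => [new User(new Group('["group.create"]')), true],
    'malformed JSON'            => [new User(new Group('not json')), false],
    'stray boolean in the list' => [new User(new Group([true])), false],
];

foreach ($cases as $label => [$user, $expected]) {
    $actual = hasPermission($user, 'group.create');
    printf("%-28s %s\n", $label, $actual === $expected ? 'ok' : 'MISMATCH');
}

// Why the third argument matters: loose comparison treats any non-empty
// string as equal to true, so a stray boolean would grant every permission.
var_dump(in_array('group.create', [true]));        // loose comparison
var_dump(in_array('group.create', [true], true));  // strict comparison
```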
register the Policies in AuthServiceProvider
Activate the policies in the boot function of AuthServiceProvider:
public function boot(){
    $this->registerPolicies();
    // one resource gate per policy: 'group.*' abilities and 'user.*' abilities
    \Gate::resource('group','App\Policies\GroupPolicy');
    \Gate::resource('user','App\Policies\UserPolicy');
}
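perform authorization in the controller or many other places, using many helpers
We have many helper functions for checking authorization, like can, cant, allows and denies.
For example, to check if the user can't edit a group, we throw a 403 back:
public function edit($id){
    // cant() is also true for an ability name that was never registered with the Gate,
    // so the name used here must match one defined in boot()
    if(auth()->user()->cant('group.edit')){
        abort(403); // abort() throws, so nothing below runs
    }
    $group = \App\Group::find($id);
    return view('group.edit',compact('group'));
}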
Now let's try it.
You can use Laravel Debugbar to view the profile; you will see that the Gate returns success.
I've also tried the fail case.
I will remove user.create from the admin role.
Add the authorization check in the policy:
public function create(User $user){
    // strict comparison so only an exact string match grants access
    return in_array('user.create', $user->group->permission, true);
}
And in the controller:
public function create() {
    if(auth()->user()->cant('user.create')){
        abort(403); // abort() throws, so nothing below runs
    }
    $groups = Group::all();
    return view('user.create',compact('groups'));
}
Yep, it works.
So what should you do next?
This is an extra feature you can do when the general business requirements are done.
You can repeat that process to cover all actions.
Create simple gym management in Laravel part 1.2 was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.