Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
An Introduction to Laravel Authorization Gates
Apr 20, 2017 @ 15:21:20

On the Laravel News site there's a new post introducing you to "authorization gates" in Laravel, a feature that allows you to ensure a user has the permissions to perform the action being requested.

Laravel Gate has an elegant mechanism to ensure users are authorized to perform actions on resources. Before version 5.1, developers used ACL packages such as Entrust or Sentinel along with middlewares for authorization.

The problem with this approach is the permissions you attach to users are just flags; they don’t encode the complex logic of the permission for some use cases. We have to write the actual access logic within controllers.

They mention some advantages to using Gate over other external packages (like Sentinel or Entrust) by being "opinionated" about its use and the decoupling of access logic from business logic. They then share an example in a basic Laravel application, protecting "posts" based on the user's current roles. Models, migrations the auth generation are all included. They then show how to define policies in the AuthServiceProvider for CRUD operations on the posts and how to enforce their checks in the Post controller execution flow.

tagged: laravel gates authorization introduction tutorial

Link: https://laravel-news.com/authorization-gates