[Lumen 5.2 documentation] more features-user authorization

1. Introduction

In addition to providing out-of-the-box authentication services, Lumen also provides a convenient way for resource authorization logic and access control. You can organize your authorization logic through a variety of methods and auxiliary functions.

In general, the use of authorization in lumen is the same as in Laravel, where we only discuss different places, for more details please refer to the complete Laravel documentation.

2, the difference with the Laravel

define permissions (abilities)

The main difference between using authorization with respect to laravel,lumen is the definition of permissions, in lumen, you can simply use gate façade to define permissions in Authserviceprovider:

Gate::d efine (' Update-post ', function ($user, $post) {    return $user->id = = = $post->user_id;});

define policy (policies)

Unlike Laravel,lumen, there are no attribute arrays in Authserviceprovider. However, you can still invoke the policy method on the gate façade in the service provider's boot method:

Gate::p olicy (Post::class, Postpolicy::class);

To learn more about the strategy, refer to the full laravel documentation.

Check Permissions

You can check permissions just as you would in the full laravel framework. First, using the gate façade, if you choose to use the façade, make sure that the façade is enabled in the bootstrap/app.php file. Remember, we do not need to pass the user instance to the allows method because the current authenticated user is automatically passed to the authentication callback:

if (gate::allows (' Update-post ', $post)) {    //}if (Gate::d enies (' Update-post ', $post)) {    abort (403);}

Of course, you can also check whether the specified user has the given permissions:

if ($request->user ()->can (' Update-post ', $post)) {    abort (403);} if ($request->user ()->cannot (' Update-post ', $post)) {    abort (403);}

