This article introduces Laravel's authorization controls, Gate and Policy. It is shared here as a reference for anyone who needs it.
About permissions
Nature: a permission is an executable unit of logic that decides whether the production code is allowed to run.
Definition: it must receive a user instance or a unique identity parameter, together with the resource associated with it. It is typically written as a closure, a function or a method.
Use: invoke the permission logic through its handle, passing the permission action, the object it applies to, and the user information.
Origin
The most basic form of permission control is the ternary operator ? : . A condition is evaluated, followed by the corresponding execution logic.
Laravel's idea is to separate the execution logic (production code) from authorization (the conditional judgment logic) and to gather the conditions in one place. In plain terms, it strengthens the authorization logic, which is very useful when authorization is complex. What the approaches below have in common: all of this code runs after the service providers have been registered, so the following definitions get registered. The aim is to locate the logic that actually makes the authorization decision.
Gate::define('update articles', 'ArticlePolicy@update');
The first parameter is just an authorization identifier (the handle used to invoke it), and the second argument is the logic that performs the authorization check.
Laravel Authorization Definitions
Define authorization in the boot method of AuthServiceProvider.
// Closure form: the check is written inline.
Gate::define('update articles', function ($user, $article) {
    return $user->id == $article->user_id;
});
// Class@method form: the check lives in a method of the policy class.
Gate::define('update articles', 'ArticlePolicy@update');

<?php

namespace App\Policies;

use App\User;
use App\Models\Article;

class ArticlePolicy
{
    // Only the author of the article may update it.
    public function update(User $user, Article $article)
    {
        return $user->id == $article->author_id;
    }
}
Laravel Authorization Usage
Gate facade: Gate::allows('update articles', $article) and Gate::denies('update articles', $article).
Controller: once the AuthorizesRequests trait is included, $this->authorize('update articles', $article).
Blade templates: @can('update articles', $article) and @cannot('update articles', $article) directives.
User model instance: $user->can('update articles', $article) and $user->cannot('update articles', $article).
Laravel Policy
To make authorization easier to define and use, Laravel introduced Policy on top of Gate. Every method in a policy is registered in the same way that Gate::define describes an ability. This is why, once a policy class has been registered, Gate::allows('policy class method') can still be used in the controller to make authorization decisions even though no authorization logic was defined through the Gate facade.
Define the policy mapping in the $policies array property of AuthServiceProvider.
/**
 * The policy mappings for the application.
 *
 * @var array
 */
protected $policies = [
    Article::class => ArticlePolicy::class,
];

<?php

namespace App\Policies;

use App\User;
use App\Models\Article;
use Illuminate\Auth\Access\HandlesAuthorization;

class ArticlePolicy
{
    use HandlesAuthorization;

    // Any user may create an article.
    public function create(User $user)
    {
        return true;
    }

    // Only the author of the article may delete it.
    public function delete(User $user, Article $article)
    {
        return $user->id == $article->author_id;
    }

    // Runs before the other policy methods; a super admin is allowed everything.
    public function before($user, $ability)
    {
        if ($user->isSuperAdmin()) {
            return true;
        }
    }
}
Note :
A Policy is just an ordinary PHP class with the HandlesAuthorization trait added.
The policy's before method is called before any of the other methods run. Its most common use is to handle the administrator authorization logic.
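
The behaviour described above (a policy found through the model class, before running first, then the ability method, with abilities registered through define as the fallback) can be traced in a small stand-alone model. This is an added example, not code from the original article or from Laravel: MiniGate, the User and Article classes and the sample objects are hypothetical, and the lookup order is a simplification of what the framework does.

```php
<?php
// Added illustration for PHP 8+: MiniGate is a hypothetical stand-in, not Laravel's Gate.
// User, Article and the sample objects below are constructed for this example.
class User {
    public function __construct(public int $id, public bool $admin = false) {}
    public function isSuperAdmin(): bool { return $this->admin; }
}
class Article { public function __construct(public int $author_id) {} }
class ArticlePolicy {
    public function before($user, $ability) {
        if ($user->isSuperAdmin()) { return true; } // otherwise null: fall through
    }
    public function delete(User $user, Article $article) {
        return $user->id == $article->author_id;
    }
}
class MiniGate {
    private array $abilities = []; // ability name => callable
    private array $policies = [];  // model class  => policy class
    public function define(string $ability, callable $check): void { $this->abilities[$ability] = $check; }
    public function policy(string $model, string $policy): void { $this->policies[$model] = $policy; }
    public function allows(User $user, string $ability, ...$args): bool {
        $model = is_object($args[0] ?? null) ? get_class($args[0]) : null;
        if ($model !== null && isset($this->policies[$model])) {
            $class = $this->policies[$model];
            $policy = new $class();
            if (method_exists($policy, 'before')) {
                $result = $policy->before($user, $ability);
                if ($result !== null) { return (bool) $result; } // before() decides alone
            }
            if (method_exists($policy, $ability)) {
                return (bool) $policy->$ability($user, ...$args);
            }
        }
        if (isset($this->abilities[$ability])) {
            return (bool) ($this->abilities[$ability])($user, ...$args);
        }
        return false; // nothing registered for this ability: deny
    }
}
$gate = new MiniGate();
$gate->policy(Article::class, ArticlePolicy::class);
$gate->define('update articles', fn (User $u, Article $a) => $u->id == $a->author_id);
$article = new Article(author_id: 1);
var_dump($gate->allows(new User(1), 'delete', $article));       // the author
var_dump($gate->allows(new User(2), 'delete', $article));       // another user
var_dump($gate->allows(new User(3, true), 'delete', $article)); // super admin, via before()
var_dump($gate->allows(new User(2), 'publish', $article));      // ability never defined
```

Because before returns true for a super admin regardless of the ability name, any mistake in isSuperAdmin grants every ability on the model, so that method deserves the same review as the policy methods themselves.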