This article introduces Laravel's permission control with Gate and Policy.
About permissions
In essence, a permission is a judgment about whether an executable unit of logic is allowed to run.
Definition: a permission needs a user instance (or a parameter that uniquely identifies the user) and the resource being used that is associated with it. It is usually written as a closure, function or method.
Use: call the permission logic by its handle, passing the object the permission applies to and the user information.
Source
The most basic form of permission control is the ternary operator ? :, which is plainly a conditional check followed by a jump to the corresponding execution logic.
Laravel's idea is to separate the execution logic (production code) from authorization (the conditional check). It concentrates on how the condition is produced and, in general, strengthens the authorization logic, which is very useful for complex authorization. Premise: all application code runs after service registration has completed, so a definition like the following is registered at that point. Its purpose is to let the framework find the logic that actually makes the authorization decision.

    Gate::define('update articles', 'ArticlePolicy@update');

The first parameter is simply the authorization identifier (the handle used when calling the check), and the second parameter is the logic that performs the authorization.
Laravel authorization definition
Define authorization in the boot method of AuthServiceProvider:

    // Closure form
    Gate::define('update articles', function ($user, $article) {
        return $user->id == $article->user_id;
    });

    // Class@method form; defining the same ability name again replaces the closure above
    Gate::define('update articles', 'ArticlePolicy@update');

The policy class referred to by the Class@method form:

    <?php

    namespace App\Policies;

    use App\User;
    use App\Models\Article;

    class ArticlePolicy
    {
        // Only the article's author may update it
        public function update(User $user, Article $article)
        {
            return $user->id == $article->author_id;
        }
    }
Laravel authorization usage
Gate facade: Gate::allows('update articles', $article) and Gate::denies('update articles', $article).
Controller: the AuthorizesRequests trait provides $this->authorize('update articles', $article).
Blade template: the @can('update articles', $article) and @cannot('update articles', $article) directives.
User model instance: $user->can('update articles', $article) and $user->cannot('update articles', $article).
Laravel Policy
To make authorization easier to define and use, Laravel builds Policy on top of Gate. Each method in a registered policy is treated as an ability in the same way as one defined with Gate::define. That is why, once a policy class is registered, authorization checks of the form Gate::allows('policy method name') can still be used in a controller even though no authorization logic was defined with the Gate facade.
First define the authorization mapping in the policies array property of AuthServiceProvider:

    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        Article::class => ArticlePolicy::class,
    ];

Then write the policy class:

    <?php

    namespace App\Policies;

    use App\User;
    use App\Models\Article;
    use Illuminate\Auth\Access\HandlesAuthorization;

    class ArticlePolicy
    {
        use HandlesAuthorization;

        // Any authenticated user may create an article
        public function create(User $user)
        {
            return true;
        }

        // Only the article's author may delete it
        public function delete(User $user, Article $article)
        {
            return $user->id == $article->author_id;
        }

        // Runs before the other methods; isSuperAdmin() is assumed to exist on the User model.
        // Returning nothing (null) lets the requested policy method decide.
        public function before($user, $ability)
        {
            if ($user->isSuperAdmin()) {
                return true;
            }
        }
    }
Note:
A Policy is just an ordinary PHP class with the HandlesAuthorization trait added.
In a Policy, the before method is called before any of the other methods are executed. It is often used to handle administrator authorization logic.
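One way to picture how the pieces above fit together, as an added example that is not part of the original article and not Laravel's own code: a policy's before() runs first, then the policy method, and an ability registered in the Gate::define style is used when no policy method matches. MiniGate and the minimal User and Article classes are hypothetical stand-ins so the file runs with plain PHP 8; the real Gate handles more cases.

```php
<?php
// Added illustration: a simplified stand-in for the Gate's lookup order, not Laravel's code.
final class MiniGate
{
    private array $abilities = [];  // ability name => callback (Gate::define style)
    private array $policies = [];   // model class => policy class ($policies style)

    public function define(string $ability, callable $cb): void { $this->abilities[$ability] = $cb; }
    public function policy(string $model, string $policy): void { $this->policies[$model] = $policy; }

    public function allows(?object $user, string $ability, ?object $model = null): bool
    {
        if ($user === null) {
            return false;                                  // no authenticated user: deny
        }
        $class = $model ? ($this->policies[get_class($model)] ?? null) : null;
        if ($class !== null && method_exists($class, $ability)) {
            $policy = new $class();
            $early = method_exists($policy, 'before') ? $policy->before($user, $ability) : null;
            // A non-null result from before() decides the check; null falls through.
            return (bool) ($early ?? $policy->$ability($user, $model));
        }
        $cb = $this->abilities[$ability] ?? null;
        return $cb !== null && (bool) $cb($user, $model);  // unknown ability: deny
    }
}

final class User
{
    public function __construct(public int $id, public bool $admin = false) {}
    public function isSuperAdmin(): bool { return $this->admin; }
}
final class Article { public function __construct(public int $author_id) {} }

final class ArticlePolicy
{
    public function before(User $user, string $ability): ?bool { return $user->isSuperAdmin() ? true : null; }
    public function delete(User $user, Article $article): bool { return $user->id === $article->author_id; }
}

$gate = new MiniGate();
$gate->policy(Article::class, ArticlePolicy::class);
$gate->define('update articles', fn (User $u, Article $a) => $u->id === $a->author_id);
$article = new Article(author_id: 1);  // constructed sample data
foreach ([[new User(1), 'delete'], [new User(2), 'delete'], [new User(3, true), 'delete'],
          [new User(2), 'update articles'], [new User(1), 'publish']] as [$user, $ability]) {
    printf("user %d, %s: %s\n", $user->id, $ability, $gate->allows($user, $ability, $article) ? 'allow' : 'deny');
}
```

Because a true result from before() bypasses every per-resource check in the policy, the condition inside it deserves the same review as the checks it overrides.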