Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Access Control in Laravel

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Fareez Ahamed Fareez Ahamed
February 27, 2016
Programming
260
4

Access Control in Laravel

Introduction to Access Control in Laravel

Avatar for Fareez Ahamed

Fareez Ahamed

February 27, 2016

More Decks by Fareez Ahamed

See All by Fareez Ahamed
Laravel Integration Testing
Avatar for Fareez Ahamed fareez
3
140

Other Decks in Programming

See All in Programming
感情を設計する
Avatar for nakamichi ichimichi
5
1.4k
10 Tips of AWS ~Gen AI on AWS~
Avatar for matsukada licux
5
320
TiDBのアーキテクチャから学ぶ分散システム入門 〜MySQL互換のNewSQLは何を解決するのか〜 / tidb-architecture-study
Avatar for DPon dznbk
1
160
煩雑なSkills管理をSoC(関心の分離)により解決する――関心を分離し、プロンプトを部品として育てるためのOSSを作った話 / Solving Complex Skills Management Through SoC (Separation of Concerns)
Avatar for nrs nrslib
4
860
PHP でエミュレータを自作して Ubuntu を動かそう
Avatar for memory m3m0r7
PRO
2
180
KagglerがMixSeekを触ってみた
Avatar for Morim morim
0
370
SkillがSkillを生む:QA観点出しを自動化した
Avatar for sontixyou sontixyou
6
3.3k
Swift Concurrency Type System
Avatar for Yasuhiro Inami inamiy
0
470
Claude Codeをカスタムして自分だけのClaude Codeを作ろう
Avatar for Terisuke terisuke
0
110
How Swift's Type System Guides AI Agents
Avatar for Yuta Koshizawa koher
0
220
Don't Prompt Harder, Structure Better
Avatar for Yusuke Kita kitasuke
0
690
今からFlash開発できるわけないじゃん、ムリムリ! (※ムリじゃなかった!?)
Avatar for Sora Arakawa arkw
0
190

Featured

See All Featured
A Soul's Torment
Avatar for Nat Ma seathinner
6
2.6k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.8k
Designing Experiences People Love
Avatar for Jonathan Moore moore
143
24k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
1
2.1k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
515
110k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.4k
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.6k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
281
24k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.4k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.8k

Transcript

  1. Access Control in Laravel

  2. Access Control in Laravel

  3. What is Access Control?

  4.    ACL 403 200

  5. How to do that in Laravel?

  6. public function index() { //check access if(Gate::denies('view-post-list')) { abort(403); }

    $posts = Post::all(); return response()->json($posts); } denies allows check

  7. But, where do I define the 'ability'?

  8. class AuthServiceProvider extends ServiceProvider { ... public function boot(GateContract $gate)

    { $this->registerPolicies($gate); //Definition of access control $gate->define('view-post-list', function ($user) { return $user->isModerator(); }); } }

  9. But I wan't to give access selectively

  10. public function edit(Request $req, $id) { $post = Post::findOrFail($id); //check

    access if(Gate::denies('edit-post',$post)) { abort(403); } return response()->json($post); }

  11. Now, How to define this?!

  12. $gate->define('edit-post', function ($user, $post){ return $user->id === $post->user_id; });

  13. What if I'm a Super Admin?

  14. $gate->before(function ($user, $ability){ if ($user->isSuperAdmin()) { return true; } });

  15. How to log failed Gate checks?

  16. $gate->after( function ($user, $ability, $result, $arguments){ if (!$result) { //Log

    here } });

  17. Cleaner way to define abilities

  18. $gate->define('update-post', 'Class@method'); Defining in classes

  19. php artisan make:policy PostPolicy Defining Policies

  20. protected $policies = [ Post::class => PostPolicy::class, ]; Advantages Cleaner

    Code Implicitly identifies Policy to use

  21. Blade 'can'!

  22. @can('edit-post', $post) <a href='{{ url('post.edit',$post->id) }}'>Edit Post</a> @else <a class='disabled'

    href='{{ url('post.edit',$post->id) }}'> Edit Post </a> @endcan

  23. Simple Implementation

  24. Schema::create('users', function (Blueprint $table) { $table->increments('id'); $table->string('name'); $table->string('email')->unique(); $table->string('password'); $table->string('roles');

    $table->rememberToken(); $table->timestamps(); }); Add roles to user

  25. class User extends Authenticatable { ... protected $casts = [

    'roles' => 'collection' ]; } Cast roles to Collection

  26. $gate->define('create-post', function($user){ return $user->roles->contains('author'); }); Define the abilities

  27. Now 'Gate!!!' public function create(Request $req) { //check access if(Gate::denies('create-post'))

    { abort(403); } return view('post.create'); }

  28. Thank you! www.fareez.info [email protected]