Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Authorization no Laravel 5.1

Zizaco
September 30, 2015

Authorization no Laravel 5.1

Authorization no Laravel 5.1

Vídeo da Apresentação (2015/09/30): https://www.youtube.com/watch?v=hJRt0BDF0Do

Luiz Fernando / Zizaco
http://zizaco.net
Leroy Merlin

ACL

308 mil
Instalações do Entrust
449 mil
Instalações do Sentry
12%
Do total de instalações do Laravel

Taylor Otwell

O que é Laravel?
"A framework is a set of classes (code) that embodies an abstract design for solutions to a family of related problems."
- Brian Foote

O que é Laravel?

Laravel's (5.1.11)
Authorization
https://laravel-news.com/2015/08/laravel-5-1-11-released-now-with-authorization/

Gate
(Portão)

Gate::allows('edit-post', $post);
// true | false

@can('edit-post', $post)
...
@else
...
@endcan

Gate::forUser($user)->denies('edit-post', $post);
// true | false

$gate->allows('edit-post', $post);
// true | false

$user->can('edit-post', $post);
// true | false

Ability (Capacidade)
Gate (Portão)
Polices (Política)

( Live Coding )

Roles & Permissions ?

An Ability that check the Database

Role (Papel)
Permission (Permissão)

( Live Coding )

Ability
Gate
Polices
Role (custom)
Permission (custom)

Role (package)
Permission (package)
Entrust v2.0?

Perguntas?

Zizaco

September 30, 2015
Tweet

More Decks by Zizaco

Other Decks in Technology

Transcript

  1. ACL

  2. 308 mil Instalações do Entrust 449 mil Instalações do Sentry

    12% Do total de instalações do Laravel
  3. O que é Laravel? "A framework is a set of

    classes (code) that embodies an abstract design for solutions to a family of related problems." - Brian Foote
  4. Gate::allows('edit-post', $post); // true | false @can('edit-post', $post) ... @else

    ... @endcan Gate::forUser($user)->denies('edit-post', $post); // true | false
  5. $gate->allows('edit-post', $post); // true | false @can('edit-post', $post) ... @else

    ... @endcan $user->can('edit-post', $post); // true | false
  6. ... protected $abilities = []; protected $policies = []; function

    ($user, ...$params) { } Ability Gate class FooBarPolicy { public function ability($user, ...$params) Polices
  7. Ability Gate Polices $gate->define('edit-post', function ($user, $post) { return $post->user_id

    === $user->id; }); $gate->policy('App\Post', 'App\Policies\PostPolicy'); class PostPolicy { public function edit($user, $post) { return $post->user_id === $user->id;
  8. Gate Gate::allows('edit-post', $post); // true | false Gate::allows('edit', $post); //

    true | false @can('edit', $post); ... @can('edit-post', $post) ... @else ... @endcan