Policy in Laravel

Tram Ho

Hello mn, when writing PHP about PHP, it is too normal, isn’t it, so how is it going to be written by RoR dev? I am a RoR dev, I’ve been moving to Laravel for a few months. Today I take the liberty to share with everyone about the policy in Laravel.

1. Overview of policy

What is policy?

  • In my opinion, Laravel is one of the most powerful support frameworks I’ve ever known, everything you use is already integrated into the core laravvel or packages. One of them has authentication, and along with authentication, none other than authorization.
  • There are two simple ways for you to decentralize your system supported by Laravel: Gate and Policy. Both are widely used and generally use Gate when you delegate things that are not related to any model or resource, for example, view an admininistrator dashboard page. In contrast, for Policy, you use permissions related to the model or resource.
  • In this article I focus on sharing how to use Policy offline!

2. Working with policy

So to create yourself a policy, what to do, please follow these steps:

a) Initialize policy:

  • First, you generate the corresponding policy file, Laravel has support for make:policy syntax to help you in this.
  • Within the scope of this article, I want to authorize the model Post. The syntax is as follows:
  • Mn noting that a mandatory policy suffix Policy follows the model or resource offline.
  • If you want to generate a file with both CRUDs, run the following command:

b) Registration Policy:

  • The next step is to register the policy. This registration helps App mapping between your model and the policy automatically.

c) Implementing the policy

  • Policy methods

    Just now we have just setup some basic things, now is the time for them to set up their policy according to their wishes. Assuming that I want to delegate as a User, I have the right to update only those posts of that User:

    • We open the PostPolicy.php file, and add the update method as PostPolicy.php :

    The method name in the policy you can set as you like is not necessarily the same as the method on the controller.

    • Where there is no model

    In the above example is the case of create Post, now there is no post object, then I only need 1 parameter as an instance of the User class for the create method.

    • Policy filter:For certain users, you want them to have full control of the policy, so now you use the before method at the beginning of the Policy class. This method will execute before the other functions in Policy

    Following is the mapping table between the methods in the policy with the controller:

d) Ways to use policy

  • Use in Model :

  • Use in Middleware :

  • Use in Controller :

  • Using Authorizing Resource in Controller: Instead of writing $this->authorize('update', $post); In the controller action, Laravel supports them with an extreme method or authorizeResource . This method will add the corresponding authorization between the Policy and the Controller. Below is a mapping table between the methods in the Policy and Controller classes
    Controller methodPolicy method
  • There is a point to note, currently the index function on the controller cannot be mapped to viewAny in the policy. I searched gg then said the index was removed. Mn can refer to the fix as below or here :

  • Use in Blade Templates :


Through the sharing above I hope you can grasp briefly what the policy is and how to use the policy appropriately.

Thanks MN for reading!

Happy Coding!

Share the news now

Source : Viblo