
Laravel Gates Tutorial With Example From Scratch



Laravel Gates Tutorial Example From Scratch is today’s main topic. Gates and policies restrict what users can do, based on authorization logic you define. Gates may also be defined using a Class@method style callback string, like controllers.

Writing Gates

Gates are Closures that determine if a user is authorized to perform a given action and are typically defined in the App\Providers\AuthServiceProvider class using the Gate facade. Gates always receive a user instance as their first argument, and may optionally receive additional arguments such as a relevant Eloquent model.

Laravel Gates Tutorial

Think of gates and policies like routes and controllers. Gates provide a simple, Closure based approach to authorization while policies, like controllers, group their logic around a particular model or resource. We’ll explore gates first and then examine policies.

/**
 * Register any authentication / authorization services.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    Gate::define('update-post', 'PostPolicy@update');
}

Now, we will work through an example to understand gates. Laravel provides the users table migration by default, so we will add one more column called isAdmin and set its data type to boolean.

Step 1: Install Laravel And Setup Database.

composer create-project laravel/laravel --prefer-dist gates

Now, set up the database in a .env file.

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=gates
DB_USERNAME=root
DB_PASSWORD=

We need to change the user migration file and add one more column called isAdmin as a boolean.

   /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
            $table->increments('id');
            $table->string('name');
            $table->boolean('isAdmin')->default(0);
            $table->string('email')->unique();
            $table->string('password');
            $table->rememberToken();
            $table->timestamps();
        });
    }

Now, migrate the database.

php artisan migrate

Step 2: Make auth system

In your root, type the following command in your terminal.

php artisan make:auth

It will create the register and login system for us. Now, register three sample users.

Now, go to the users table and change one user’s isAdmin value to 1. Because this is only an example, we set it by hand; otherwise we would need to set it to 1 programmatically.

So, we will write the gate logic for a user who is an admin. Some resources will not be displayed to a logged-in user who is not an admin.

Now, go to the resources  >>  views  >>  welcome.blade.php. Add the following line to the code.

@if (Route::has('login'))
    {{-- Nav link to the named route 'private' --}}
    <a href="{{ route('private') }}">Private</a>
@endif

Also, define the route in the routes  >>  web.php file.

// routes/web.php
Route::get('/private', 'HomeController@private')->name('private');

// app/Http/Controllers/HomeController.php
/**
 * Show the application private resources.
 *
 * @return \Illuminate\Http\Response
 */
public function private()
{
    return view('private');
}

Now, create private.blade.php file.

@extends('layouts.app')

@section('content')
<div class="container">
    <h1>Private Resources</h1>
    <p>Confidential Information</p>
</div>
@endsection

Now, log in to the application and go to http://localhost:8000.

You can see another navigation item called Private. Right now, you can see this item, and you can navigate to that page. But we need to prevent anyone who is not an admin from viewing this page. That is where gates come into play.

Step 3: Define the Gates.

Go to the app  >>  Providers  >>  AuthServiceProvider.php file and define the gate.

   /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        Gate::define('admin-only', function ($user) {
            if($user->isAdmin == 1)
            {
                return true;
            }
            return false;
        });
    }

Okay, so now the remaining step is to tell the application that this route is restricted to admins.

So in HomeController file, write the following code.

    use Illuminate\Support\Facades\Gate;

    /**
     * Show the application private resources.
     *
     * @return \Illuminate\Http\Response
     */
    public function private()
    {
        // The Gate passes the authenticated user to the closure itself,
        // so only the ability name is needed here.
        if (Gate::allows('admin-only')) {
            return view('private');
        }
        return 'You are not admin!!!!';
    }

So, when you log in as a user whose isAdmin is 1, you can view the private resources; otherwise you cannot. The next step is to hide the Private navigation item from non-admin users, because it makes no sense to show them the secret part at all.

In the welcome.blade.php file, you can add the @can directive.

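@if (Route::has('login'))
    {{-- Render the link only when the 'admin-only' gate allows the current user --}}
    @can('admin-only')
        <a href="{{ route('private') }}">Private</a>
    @endcan
@endif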

Now, only an admin can see the Private view of the application. So we have used a gate to show each user only the resources that user is allowed to see. There is one more concept called Policy, which we will see in the next tutorial. You can explore more of the API in Laravel’s documentation.
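
The feature test below is an added example, not part of the original tutorial: it checks that the admin-only gate follows the isAdmin flag and that the controller check, not the hidden nav link, is what refuses a non-admin who requests the page directly. It assumes the tutorial's named route private, the default App\User model with its model factory, and a file name (tests/Feature/PrivatePageTest.php) chosen for illustration.

```php
<?php
// tests/Feature/PrivatePageTest.php (added example, not the tutorial's code).
// Assumes the tutorial's app: named route 'private', gate 'admin-only', the
// isAdmin column, and the default App\User model with its model factory.

namespace Tests\Feature;

use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

class PrivatePageTest extends TestCase
{
    use RefreshDatabase;

    public function test_gate_follows_the_isAdmin_flag()
    {
        $admin = factory(User::class)->create(['isAdmin' => 1]);
        $user  = factory(User::class)->create(['isAdmin' => 0]);

        $this->assertTrue(Gate::forUser($admin)->allows('admin-only'));
        $this->assertTrue(Gate::forUser($user)->denies('admin-only'));
    }

    public function test_admin_can_view_private_resources()
    {
        $admin = factory(User::class)->create(['isAdmin' => 1]);

        $this->actingAs($admin)
            ->get(route('private'))
            ->assertSee('Confidential Information');
    }

    public function test_non_admin_requesting_the_url_directly_is_refused()
    {
        // Hiding the nav link with @can is cosmetic; the Gate check in the
        // controller is what has to refuse a request typed into the address bar.
        $user = factory(User::class)->create(['isAdmin' => 0]);

        $this->actingAs($user)
            ->get(route('private'))
            ->assertSee('You are not admin!!!!')
            ->assertDontSee('Confidential Information');
    }
}
```

Run it with vendor/bin/phpunit from the project root.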

That is it for the Laravel Gates Tutorial Example From Scratch. 



