Gate
facade is available to easily manipulate gates.Gates
in boot()
method of your service provider.has()
which is returning a boolean:GateDoesNotExist
exception will be raised.allows()
, denies()
, none()
, any()
, authorize()
inspect()
.allows()
, denies()
, none()
and any()
return a boolean indicating if user is authorizedauthorize()
does not return a boolean but will raise an AuthorizationException
exception instead that will be rendered as an HTTP response with a 403 status code.inspect()
:Authorizes
class can be added to your User model to allow quick permission checks:User
instances:for_user()
method on the Gate facade to make the verification against a given user instead of the authenticated user.before
and after
hooks can be triggered.before
hook can be added like this:after
hook works the same way:after
callback is returning a value it will take priority over the gate result check.--model
flag:PolicyDoesNotExist
exception will be raised.Gate
facade methods to authorize actions defined in your policies. With the previously defined PostPolicy
we could make the following calls:create()
or view_any()
methods do not take a model instance, that is why the model class should be provided so that Gate mechanism can infer from which policy those methods are belonging to.