Gatefacade is available to easily manipulate gates.
boot()method of your service provider.
has()which is returning a boolean:
any()return a boolean indicating if user is authorized
authorize()does not return a boolean but will raise an
AuthorizationExceptionexception instead that will be rendered as an HTTP response with a 403 status code.
Authorizesclass can be added to your User model to allow handy permissions checking:
for_user()method on the Gate facade to make the verification against a given user instead of the authenticated user.
afterhooks can be triggered.
beforehook can be added like this :
afterhook is working the same way excepted that it will receive the authorization result.
Gatefacade methods to authorize actions defined in your policies (as for the gates). With the previously defined
PostPolicywe could for example make the following verifications:
view_any()methods do not take a model instance, that is why the model class should be provided so that Gate mechanism can infer from which policy those methods are belonging to.