
davorminchorov's avatar

Laravel 5.1.11 Brings Us Authorization! (User Permissions / Access Control)

Hello there!

I was just browsing the docs and noticed this new section Authorization

In addition to providing authentication services out of the box, Laravel also provides a simple way to organize authorization logic and control access to resources. There are a variety of methods and helpers to assist you in organizing your authorization logic, and we'll cover each of them in this document.

Also, there's an upgrade guide to 5.1.11

0 likes
30 replies
uxweb's avatar

@Ruffles Wow! It looks really good, finally out-of-the-box authorization for Laravel, yay!!

I think this was intended to be used only with Laravel Spark

Mirdrack's avatar

Very nice! It looks very good and the documentation is awesome.
But am I wrong, or was the suggestion to hardcode the validations? I mean, you need to declare classes to use those traits.

davorminchorov's avatar

It was the most requested feature on Twitter (and maybe before that) + other frameworks have it out of the box so it was time we got it in Laravel!

Waiting for the Authorization lesson by Jeffrey!

4 likes
pmall's avatar

This is brilliant! This implementation is great! I really like the way it is implemented and the policy classes.

Maybe the second goody will be handling of roles :)


Another feature I would love to see is a simple mechanism for storing uploaded files and accessing them. Handling the logic, like converting the file name with md5 and creating subfolders to avoid collisions with a large number of files. Something like $hashed_file_name = Storage::disk('pictures')->store($uploadedFile), then uploaded('pictures')->get($hashed_file_name) and uploaded('pictures')->path($hashed_file_name).

boynet's avatar

nice :) hope to see roles && Permission

ftiersch's avatar

Perfect timing, I'm about to include permissions in one of my projects in the next couple weeks. Will make extensive use of the new feature! :)

Prullenbak's avatar

This looks awesome. I guess Taylor needed it for Spark.

@boynet implementing some sort of roles & permission system just got a whole lot easier :)

boynet's avatar

@Prullenbak Why? Before, I could just do if ($post->user_id !== $user->id)

The hard problem is giving a user the Admin role and saying that an admin can edit and delete posts, but you have some admins that you want to take the delete permission away from, etc.

FabianH's avatar

I'm just going to ask it here -

How do you update composer to include the new files?

Because I get - "'Illuminate\Foundation\Support\Providers\AuthServiceProvider" - after following the upgrade guide. Did I miss something?

constb's avatar

1) use of facades instead of contracts for injection and 2) direct method calls inside action methods instead of middlewares - who wrote that? I mean, it's good to have something useful out-of-the-box all right, but the implementation doesn't match Laravel standards, so to speak. It looks more like a quick hack to me, really. I'm sorry but I feel a bit disappointed.

pmall's avatar

@constb Of course there is a Gate contract and you can inject it anywhere and make the checks in middleware. Facades and helpers are just shortcuts for injection.

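<?php namespace App\Http\Middleware;

use App\Post;
use Closure;
use Illuminate\Contracts\Auth\Access\Gate;

class AuthorizePostUpdate {

    // Gate contract injected by the container instead of using the facade.
    protected $gate;

    public function __construct(Gate $gate)
    {
        $this->gate = $gate;
    }

    public function handle($request, Closure $next)
    {
        // Imported via "use App\Post": a bare App\Post here would resolve
        // relative to this namespace (App\Http\Middleware\App\Post).
        $post = Post::findOrFail($request->posts);

        // Stop the request before it reaches the controller action.
        if ($this->gate->denies('update-post', $post))
        {
            return response('Forbidden', 403);
        }

        return $next($request);
    }

}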
3 likes
Lugi's avatar

Awesome. That's exactly what I need for my next project. Jeff, it's up to you now :-) to make a good video.

ovvessem's avatar

Hi @FabianH,

I had the same issue after following the upgrade instructions from Laravel 5.1.x to 5.1.11. I created a fresh Laravel install with laravel new [projectname] and merged the /vendor directory with my existing directory. I know it is a workaround but it did the job.

FabianH's avatar

@ovvessem, thank you. I solved the issue by just rerunning composer update. It seems that the problem was that I first did the upgrade guide and then did "composer update".

jekinney's avatar

Nice. It seems this is the number one question here too. Something most sites need, yet hard for new people to grasp (was for me too) as it is an advanced subject arguably but required like I said for most sites.

tgif's avatar

Awesome. I just upgraded my project.

belisar's avatar

It also appears to be very flexible and readily adaptable as an authorization layer for a token based authentication system (JWT) with no fuss whatsoever.

hardsshah's avatar

Laravel 5.11 authorization! Is it role based? Does this mean I can get rid of third-party packages like entrust completely?

janareit's avatar

@hardsshah With some effort, probably yes. However, most of the RBAC packages offer more than just access control based on role and permission. You would need to create your own roles, permissions, role_user, permission_role etc. tables. Also, they normally offer some roles/permissions inheritance system, levels of roles, etc. This is not offered by this update. Only building blocks for making such a system much more easily on your own now.

1 like
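The case raised earlier in the thread (an admin role that can edit and delete posts, with delete taken away from individual admins) comes down to a deny-override check on top of role grants. The following is an added example, not code from the thread, Laravel or Entrust; the `PermissionResolver` class and the role and permission names are constructed for illustration.

```php
<?php
// Constructed model: role grants minus per-user revocations, default deny.
// Class, role and permission names are illustrative, not Laravel or Entrust APIs.

final class PermissionResolver
{
    /** @var array role name => list of granted permission names */
    private $rolePermissions;

    public function __construct(array $rolePermissions)
    {
        $this->rolePermissions = $rolePermissions;
    }

    /**
     * @param string[] $roles   roles held by the user
     * @param string[] $revoked permissions taken away from this one user
     */
    public function allows(array $roles, array $revoked, $permission)
    {
        // An explicit per-user revocation always wins over any role grant.
        if (in_array($permission, $revoked, true)) {
            return false;
        }
        foreach ($roles as $role) {
            $granted = isset($this->rolePermissions[$role])
                ? $this->rolePermissions[$role] : [];
            if (in_array($permission, $granted, true)) {
                return true;
            }
        }
        // Unknown roles and unknown permissions fall through to deny.
        return false;
    }
}

$resolver = new PermissionResolver([
    'admin'  => ['edit-post', 'delete-post'],
    'editor' => ['edit-post'],
]);

// Constructed users: a full admin, then an admin whose delete right was revoked.
var_dump($resolver->allows(['admin'], [], 'delete-post'));
var_dump($resolver->allows(['admin'], ['delete-post'], 'delete-post'));
var_dump($resolver->allows(['admin'], ['delete-post'], 'edit-post'));
// A role that is not configured anywhere gets nothing.
var_dump($resolver->allows(['ghost'], [], 'edit-post'));
```

The roles and revocations would come from tables such as the roles, permissions, role_user and permission_role ones mentioned above; the result of `allows()` is what an ability callback like the `update-post` one checked in the middleware would return.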
davorminchorov's avatar

Now we need an opt in role based system out of the box and we are good to go! The upside of this is that Jeffrey will cover it on Laracasts (Yeah I know that we have a lesson called Users And Roles) so more people will have a chance to learn more because it will be official.

kocoten1992's avatar

I think it is getting into conflict with the Entrust package!!

When I followed the upgrade guide to 5.1.11, after it was done, the app stopped working, and in the hhvm log, I found this:

Fatal error: Method 'can' declared in multiple traits in /var/www/html/app/User.php on line 15

If I remove either Authenticatable or EntrustUserTrait, it starts working again. This is really messy, since I have been using Entrust and want to slowly move to the native ACL in Laravel, but not like this..

P/S: for now I will just comment out Authorizable, looking for a way to fix this :)

HRcc's avatar

@kocoten1992 I solved this exact thing today... by uninstalling Entrust :) The switch was very quick and painless.
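For a gradual migration where both traits have to stay on the model for a while, PHP's trait conflict resolution removes the fatal error quoted above, but it also decides which authorization check every existing `can()` call reaches. The following is an added example, not code from the thread; `GateChecks` and `RoleChecks` are constructed stand-ins, not the Laravel or Entrust traits.

```php
<?php
// Constructed stand-ins for two traits that both declare can();
// these are not the Laravel or Entrust traits themselves.

trait GateChecks
{
    // Ability-style check, optionally with a resource argument.
    public function can($ability, $arguments = [])
    {
        return in_array($ability, $this->abilities, true);
    }
}

trait RoleChecks
{
    // Permission-name check backed by role data.
    public function can($permission, $requireAll = false)
    {
        return in_array($permission, $this->rolePermissions, true);
    }
}

class User
{
    // Without the resolution block PHP stops with a "declared in multiple
    // traits" fatal error: the class must say which can() it exposes.
    use GateChecks, RoleChecks {
        GateChecks::can insteadof RoleChecks; // can() now means the ability check
        RoleChecks::can as hasPermission;     // the role check stays reachable by name
    }

    public $abilities = ['update-post'];
    public $rolePermissions = ['delete-post'];
}

$user = new User();

// Resolved to the ability-style check.
var_dump($user->can('update-post'));
// The role-based check, under its explicit alias.
var_dump($user->hasPermission('delete-post'));
// Same call that old role-based code used to make: it now reaches the
// ability check, so every existing can() call site needs reviewing.
var_dump($user->can('delete-post'));
```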
