Guide to Building “Simple ACL” in Laravel

Laravel’s authentication provides a simplified solution for registration, login, logout, and password reset, making it quicker and easier to implement for web applications.

However, if you need to control access to specific parts of a website, enable or disable certain sections for non-admin users, or ensure that a user can only edit their own contacts, you need to build an ACL (Access Control List) in Laravel (starting from version 5.1.11).

To build an ACL for your application, we use the built-in Gate class, which has been integrated into Laravel versions 5.1.11 and beyond. The Gate class allows you to check if a user (either the logged-in user or a specific user) is “allowed” to do something. Let’s look at the sample code below:
if (Gate::denies('update-contact', $contact)) {
    abort(403);
}
Place the code above in your controller to check whether the logged-in user is denied the update-contact permission, or use Gate::allows to check the reverse.

Laravel’s ACL is built on the concept of an “Ability”. An Ability is a key (e.g., update-contact).

DEFINING AN ABILITY FOR ACL

Define an “Ability” in the default location, the AuthServiceProvider.


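namespace App\Providers;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    public function boot(GateContract $gate)
    {
        parent::registerPolicies($gate);

        // Ability: only the owner of a contact may update it.
        $gate->define('update-contact', function ($user, $contact) {
            return $user->id === $contact->user_id;
        });
    }
}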

And check:


if (Gate::denies('update-contact', $contact)) {
    abort(403);
}

Another concept we should explore is Policies. Instead of writing too many definitions directly in the AuthServiceProvider, we can build a set of classes called Policies.

Run the command:
php artisan make:policy ContactPolicy
This will automatically generate the ContactPolicy file in the app/Policies folder with the default content.


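namespace App\Policies;

class ContactPolicy
{
    // Called for the 'update' ability: only the owner may update the contact.
    public function update($user, $contact)
    {
        return $user->id === $contact->user_id;
    }
}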

Now, register the class in the AuthServiceProvider:


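use App\Contact; // assumes the Contact model lives in the App namespace
use App\Policies\ContactPolicy;

class AuthServiceProvider extends ServiceProvider
{
    // Maps each model to the policy class that authorizes actions on it.
    protected $policies = [
        Contact::class => ContactPolicy::class,
    ];
}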

Now we can place the following in the controller to check:


if (Gate::denies('update', $contact)) {
    abort(403);
}
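
The policy check above, exercised outside a controller for an owner, another user, a guest, and an ability the policy does not define. This is an added example, not code from the original article: the plain User and Contact classes are constructed stand-ins for the Eloquent models, the 'delete' ability is hypothetical, and the script assumes the illuminate/auth and illuminate/container Composer packages are installed.

```php
<?php
// Added example, not the article's code. Assumes the Composer packages
// illuminate/auth and illuminate/container are installed next to this script.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Auth\Access\Gate;
use Illuminate\Container\Container;

// Constructed stand-ins for the Eloquent models (no database involved).
class User
{
    public $id;
    public function __construct($id) { $this->id = $id; }
}

class Contact
{
    public $user_id;
    public function __construct($userId) { $this->user_id = $userId; }
}

class ContactPolicy
{
    // Same ownership rule as the article's policy.
    public function update($user, $contact)
    {
        return $user->id === $contact->user_id;
    }
}

// The resolver returns null, i.e. no user is logged in by default.
$gate = new Gate(new Container, function () { return null; });
$gate->policy(Contact::class, ContactPolicy::class);

$owner    = new User(1);
$other    = new User(2);
$contact  = new Contact(1);   // owned by user 1
$stringFk = new Contact('1'); // same owner, user_id delivered as a string
// label => [actual decision, expected decision]
$cases = [
    'owner'                 => [$gate->forUser($owner)->allows('update', $contact), true],
    'other user'            => [$gate->forUser($other)->allows('update', $contact), false],
    'guest'                 => [$gate->allows('update', $contact), false],
    'no such policy method' => [$gate->forUser($owner)->allows('delete', $contact), false],
    'owner, string user_id' => [$gate->forUser($owner)->allows('update', $stringFk), false],
];
foreach ($cases as $label => $case) {
    printf("%-22s %-5s %s\n", $label, $case[0] ? 'allow' : 'deny', $case[0] === $case[1] ? 'ok' : 'UNEXPECTED');
}
```

The last case denies the real owner because 1 === '1' is false in PHP. If your database driver returns user_id as a string, cast both sides to int in the policy rather than loosening the comparison to ==.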

    © 2012 RiverCrane Vietnam. All rights reserved.
