Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
OH MY!
LARAVEL 5.2
GATES, AUTHSERVICEPROVIDERS AND
POLICIES
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
WHOAMI
▸ Alison Gianotto (aka “snipe”, aka @snipeyhead)
▸ One of the o...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
PROBLEMS THE AUTHSERVICEPROVIDER SOLVES
▸ Much cleaner syntax in blade...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP
public	function	boot(GateContrac...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
SCENARIO: USER COMMUNITY WEBSITE
▸ users table
▸ communities table wit...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
SCENARIO: USER COMMUNITY WEBSITE: USERS
▸ Users CAN update their own p...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP
//	Check	if	the	user	can	update	...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/USER.PHP (USER MODEL)
/**	
*	Checks	if	a	user	is	a	member	of	a	com...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/HTTP/ENTRIESCONTROLLER.PHP (VIA GATE FACADE)
public	function	getEd...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/HTTP/ENTRIESCONTROLLER.PHP (VIA USER MODEL)
public	function	getEdi...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
RESOURCES/VIEWS/ENTRIES/VIEW.BLADE.PHP
@can('update-entry',	$entry)	
	...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/HTTP/ENTRIESCONTROLLER.PHP (VIA FORM REQUEST)
/**	
	*	Determine	if...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
SCENARIO: USER COMMUNITY WEBSITE: COMMUNITY ADMINS
▸ Community admins ...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/USER.PHP (USER MODEL)
/**	
*	Returns	whether	or	not	the	user	is	an...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP
//	Check	if	the	user	can	join	a	...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
THIS COULD GET OUT OF HAND QUICKLY.
ENTER POLICIES.
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
CREATING A POLICY
>	php	artisan	make:policy	EntryPolicy	
Policy	create...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/POLICIES/ENTRYPOLICY.PHP
<?php	
namespace	AppPolicies;	
use	AppUse...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/POLICIES/COMMUNITYPOLICY.PHP
<?php	
namespace	AppPolicies;	
use	Ap...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP
<?php	
namespace	AppProviders;	
...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP
<?php	
namespace	AppProviders;	
...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
CHECKING POLICIES
▸ Via Gate facade







▸ Via User Model



if	(Gat...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
CHECKING POLICIES
▸ Via Blade shortcut:





▸ Via Policy Helper:

@ca...
LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES
CONCLUSION: THE AUTHSERVICEPROVIDER + POLICIES LETS YOU
▸ Use existing...
THANK YOU!
@SNIPEYHEAD
Prochain SlideShare
Chargement dans…5
×

Laravel 5.2 Gates, AuthServiceProvider and Policies

3 153 vues

Publié le

Walkthrough of Gates, AuthServiceProvider and Policies in Laravel 5.2, presented May 25, 2016 at the San Diego Laravel Meetup.

Publié dans : Internet
  • Soyez le premier à commenter

Laravel 5.2 Gates, AuthServiceProvider and Policies

  1. 1. OH MY! LARAVEL 5.2 GATES, AUTHSERVICEPROVIDERS AND POLICIES
  2. 2. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES WHOAMI ▸ Alison Gianotto (aka “snipe”, aka @snipeyhead) ▸ One of the original members of SDPHP ;) ▸ Working with PHP for 15+ years ▸ CTO/Co-Founder of AnySha.re ▸ Founder of Grokability, Inc. ▸ Creator of Snipe-IT and other internet things
  3. 3. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES PROBLEMS THE AUTHSERVICEPROVIDER SOLVES ▸ Much cleaner syntax in blades (@can and @cannot) ▸ One unified place to keep authorization rules ▸ Assumes a user instance. If no user available, it fails to false ▸ Can handle basic authorization (“does the user own this thing?”) or much more sophisticated rules based off your model methods.
  4. 4. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP public function boot(GateContract $gate) { $this->registerPolicies($gate); // -------------------------------- // BEFORE ANYTHING ELSE // -------------------------------- $gate->before(function ($user, $ability) { if ($user->superadmin=='1') { return true; } });
  5. 5. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES SCENARIO: USER COMMUNITY WEBSITE ▸ users table ▸ communities table with user_id for creator ▸ communities_users pivot table ▸ boolean is_admin ▸ entries table with created_by for creator
  6. 6. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES SCENARIO: USER COMMUNITY WEBSITE: USERS ▸ Users CAN update their own posts ▸ Users CAN delete their own posts ▸ Users CANNOT update other users’ posts ▸ Uses CAN see other posts in a community ▸ … (etc) ▸ Users CAN message other users if they are not blocked ▸ Users CANNOT messages other users if they are blocked
  7. 7. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP // Check if the user can update an entry $gate->define('update-entry', function ($user, $entry) { return $user->id === $entry->created_by; });
  8. 8. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/USER.PHP (USER MODEL) /** * Checks if a user is a member of a community * * @param Community $community * @return boolean */ public function isMemberOfCommunity($community) { return $this->communities()
 ->where('community_id', '=', $community->id) ->count() > 0; }
  9. 9. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/HTTP/ENTRIESCONTROLLER.PHP (VIA GATE FACADE) public function getEdit(Request $request, $id) { if ($entry = Entry::find($id)) { if (Gate::denies('update-entry', $entry)) { // You can return a 403 or whatever you want here abort(403); } return view('entries.edit'); } return redirect()->back()->with('error', 'Invalid entry.'); }
  10. 10. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/HTTP/ENTRIESCONTROLLER.PHP (VIA USER MODEL) public function getEdit(Request $request, $id) { if ($entry = Entry::find($id)) { if ($request->user()->cannot('update-entry', $entry)) { // You could return a 403 response here, etc. abort(403); } return view('entries.edit'); } return redirect()->back()->with('error', 'Invalid entry.'); }
  11. 11. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES RESOURCES/VIEWS/ENTRIES/VIEW.BLADE.PHP @can('update-entry', $entry) <a href="{{ route('entry.edit.form', $entry->id) }}">Edit</a> @endcan
  12. 12. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/HTTP/ENTRIESCONTROLLER.PHP (VIA FORM REQUEST) /** * Determine if the user is authorized to make this request. * * @return bool */ public function authorize() { $entryId = $this->route('entry'); return Gate::allows('update', Entry::findOrFail($entryId)); }
  13. 13. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES SCENARIO: USER COMMUNITY WEBSITE: COMMUNITY ADMINS ▸ Community admins CAN edit their own community settings ▸ … (etc) ▸ Community admins CAN update user posts ▸ Community admins CAN add/remove users from community
  14. 14. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/USER.PHP (USER MODEL) /** * Returns whether or not the user is an admin of a community * * @param object $community * @return boolean */ public function isAdminOfCommunity($community) { return $this->communities() ->where('community_id', '=', $community->id) ->where('is_admin', '=', '1') ->count() > 0; }
  15. 15. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP // Check if the user can join a community // (they are not already a member) $gate->define('join-community', function ($user, $community) { if (!$user->isMemberOfCommunity($community)) { return true; } }); // Check if the user can update the community settings // (they are an admin) $gate->define('update-community', function ($user, $community) { if ($user->isAdminOfCommunity($community) ) { return true; } });
  16. 16. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES THIS COULD GET OUT OF HAND QUICKLY. ENTER POLICIES.
  17. 17. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES CREATING A POLICY > php artisan make:policy EntryPolicy Policy created successfully. > php artisan make:policy CommunityPolicy Policy created successfully.
  18. 18. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/POLICIES/ENTRYPOLICY.PHP <?php namespace AppPolicies; use AppUser; use AppEntry; use IlluminateAuthAccessHandlesAuthorization; class EntryPolicy { use HandlesAuthorization; public function update(User $user, Entry $entry) { return $user->id === $entry->created_by; } public function delete(User $user, Entry $entry) { // etc } }
  19. 19. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/POLICIES/COMMUNITYPOLICY.PHP <?php namespace AppPolicies; use AppUser; use AppCommunity; use IlluminateAuthAccessHandlesAuthorization; class CommunityPolicy { use HandlesAuthorization; public function update(User $user, Community $community) { return $user->id === $community->created_by; } public function delete(User $user, Community $community) { // etc } }
  20. 20. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP <?php namespace AppProviders; use AppPoliciesEntryPolicy; use AppPoliciesCommunityPolicy; use IlluminateContractsAuthAccessGate as GateContract; use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider; class AuthServiceProvider extends ServiceProvider { protected $policies = [ Entry::class => EntryPolicy::class, Community::class => CommunityPolicy::class, ]; /** * Register any application authentication / authorization services. * * @param IlluminateContractsAuthAccessGate $gate * @return void */ public function boot(GateContract $gate) { $this->registerPolicies($gate); }
  21. 21. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES APP/PROVIDERS/AUTHSERVICEPROVIDER.PHP <?php namespace AppProviders; use AppPoliciesEntryPolicy; use AppPoliciesCommunityPolicy; use IlluminateContractsAuthAccessGate as GateContract; use IlluminateFoundationSupportProvidersAuthServiceProvider as ServiceProvider; class AuthServiceProvider extends ServiceProvider { protected $policies = [ Entry::class => EntryPolicy::class, Community::class => CommunityPolicy::class, ]; /** * Register any application authentication / authorization services. * * @param IlluminateContractsAuthAccessGate $gate * @return void */ public function boot(GateContract $gate) { $this->registerPolicies($gate); }
  22. 22. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES CHECKING POLICIES ▸ Via Gate facade
 
 
 
 ▸ Via User Model
 
 if (Gate::denies('update', $entry)) { // } if ($user->can('update', $entry)) { // }
  23. 23. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES CHECKING POLICIES ▸ Via Blade shortcut:
 
 
 ▸ Via Policy Helper:
 @can('update', $entry) @endcan if (policy($entry)->update($user, $entry)) { // }
  24. 24. LARAVEL 5.2 GATES, AUTHSERVICEPROVIDER AND POLICIES CONCLUSION: THE AUTHSERVICEPROVIDER + POLICIES LETS YOU ▸ Use existing model methods to determine authorization ▸ Group related authorization rules together for maintainability ▸ Use nifty shortcuts in your blades

  25. 25. THANK YOU! @SNIPEYHEAD

×