How to develop coherent policies within your Laravel 5.4 application?

Commissioning the back end series

Created on: May 03, 2017

Updated on: April 25, 2018

Written by Sehinde Raji

We have all heard the stories in which certain BME groups have been refused entry to various drinking establishments because they are "too dark" or "too fat".

Check out this article for further information: London night-club refusals

Let's imagine that you have successfully built your Laravel application and you want to limit what its patrons can do, so that you can prevent your users from doing harm to your app.

In Laravel 5.4 we can create policies that decide which actions a given user is allowed to perform on a given model.

Let's go through the process of setting this up. Before we do, let's go through some assumptions.

Assumptions:

php artisan make:policy LettingsPolicy

Notice that the LettingsPolicy class has been created here:

app\Policies\LettingsPolicy.php
<?php

namespace App\Policies;

use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

class LettingsPolicy
{
    use HandlesAuthorization;

    /**
     * Create a new policy instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }
}

Next we need to populate this policy to get it to work.

First we will use dependency injection to inject the user and the letting into the constructor.

Then we will create an update function that returns whether the user's id matches the letting's user_id.

Next we will create a delete function and we will do the same thing.

These actions have been reflected within the code listed below:

app\Policies\LettingsPolicy.php
<?php

namespace App\Policies;

use App\User;
use App\Letting;
use Illuminate\Auth\Access\HandlesAuthorization;

class LettingsPolicy
{
    use HandlesAuthorization;
    /**
     * @var User
     */
    public $user;
    /**
     * @var Letting
     */
    public $letting;

    /**
     * Create a new policy instance.
     *
     * @param User $user
     * @param Letting $letting
     */
    public function __construct(User $user, Letting $letting)
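    {
        // The container builds these as empty model instances. The logged-in
        // user and the letting being checked arrive as arguments to update()
        // and delete() below, so use those arguments for the ownership check.
        $this->user = $user;
        $this->letting = $letting;
    }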

    /**
     * Determine if the given letting can be updated by the user.
     *
     * @param  \App\User $user
     * @param Letting $letting
     * @return bool
     *
     */
    public function update(User $user, Letting $letting)
    {
        return $user->id === $letting->user_id;
    }

    /**
     * Determine if the given letting can be deleted by the user.
     *
     * @param  \App\User $user
     * @param Letting $letting
     * @return bool
     *
     */
    public function delete(User $user, Letting $letting)
    {
        return $user->id === $letting->user_id;
    }

}

Now that we have set up our LettingsPolicy, the next stage is to register the policy within our AuthServiceProvider.

The AuthServiceProvider is responsible for your application's authorisation processes, and we need to register our LettingsPolicy there so that our policies are resolved out of the IoC container.

Go to app\Providers\AuthServiceProvider.php

Your AuthServiceProvider should look like this:

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',

    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        //
    }
}

We need to add our Letting model and LettingsPolicy to the policy mappings:

app\Providers\AuthServiceProvider.php
<?php

namespace App\Providers;

use App\Letting;
use App\Policies\LettingsPolicy;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
        Letting::class => LettingsPolicy::class,

    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        //
    }
}

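Now we can confirm that the LettingsPolicy has been added to our application. Registering the policy does not enforce it on its own: the update and delete checks only take effect where a controller, route or view asks for authorisation on a Letting. Where they are checked, users will be prevented from updating and deleting lettings unless their id matches the letting's user_id.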
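As an added example (not code from the original tutorial), here is a controller that checks the registered policy through the authorize helper that Laravel 5.4 controllers provide. The LettingsController name, the {letting} route parameter, the lettings.index route and the title column are assumptions made for illustration.

```php
<?php

namespace App\Http\Controllers;

use App\Letting;
use Illuminate\Http\Request;

// Hypothetical controller: it shows where LettingsPolicy is enforced.
// Assumes routes such as PUT and DELETE /lettings/{letting}, so that
// route model binding resolves the Letting argument.
class LettingsController extends Controller
{
    public function __construct()
    {
        // The policy compares against the logged-in user, so require a login first.
        $this->middleware('auth');
    }

    public function update(Request $request, Letting $letting)
    {
        // Runs LettingsPolicy::update() with the current user and this letting.
        // Throws AuthorizationException (rendered as HTTP 403) unless
        // $user->id === $letting->user_id.
        $this->authorize('update', $letting);

        // 'title' is an assumed column. user_id is never read from the
        // request, so ownership cannot be reassigned through this route.
        $this->validate($request, ['title' => 'required|string|max:255']);
        $letting->title = $request->input('title');
        $letting->save();

        return redirect()->route('lettings.index');
    }

    public function destroy(Letting $letting)
    {
        // The 'delete' ability maps to LettingsPolicy::delete().
        $this->authorize('delete', $letting);
        $letting->delete();

        return redirect()->route('lettings.index');
    }
}
```

The authorize call comes first in each action so that no change is saved before the ownership check has passed.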

We hope that you have found our tutorial useful, and if you get some time, check out our blog at www.ormrepo.co.uk