Laravel 5.1.11 introduces ACL system

Another great news for Laravel community - more and more often repeated functions become a part of Laravel framework itself. Today a new addition is Authorization or ACL functionality. As usual, it was officially announced on Twitter - like this:

First announcement of today: a beautiful way to organize your ACL logic in Laravel. Available immediately! http://t.co/kKDOVWiWRO ?
— Laravel (@laravelphp) August 31, 2015

Already retweeted and favorited by hundreds of Laravel fans, this feature adds some new functionality to Auth mechanism. Here are just a few example from new official documentation: New Gate facade:

if (Gate::forUser($user)->allows('update-post', $post)) {
    //
}

Using User model in request:

if ($request->user()->can('update-post', $post)) {
  // ... Update post
}

Blade helpers:

@can('update-post', $post)
    Edit Post
@endcan

Form Request classes - in method authorize():

return Gate::allows('update', Post::findOrFail($postId));

Wrapping rules into Policy classes: Artisan command:

php artisan make:policy PostPolicy

Policy Class function:

class PostPolicy
{
    public function update(User $user, Post $post)
    {
        return $user->id === $post->user_id;
    }
}

Personally, it reminds me a little of WordPress users/capabilities functions like current_user_can() and similar ones. Important note - this new functionality was built not only by Taylor Otwell himself, but also by Adam Wathan - thanks for that, guys!

Laravel 5.1.11 introduces ACL system

Enjoyed This Tutorial?

Recent Courses on Laravel Daily

Laravel 13 Eloquent: Expert Level

How to Build Laravel 13 API From Scratch

How to Structure Laravel 13 Projects