Skip to main content

Laravel – Authorization

Laravel – Authorization

In the previous chapter, we have studied about authentication process in Laravel. This chapter explains you the authorization process in Laravel.

Difference between Authentication and Authorization

Before proceeding further into learning about the authorization process in Laravel, let us understand the difference between authentication and authorization.
In authentication, the web application or a system verifies the user through defined credentials. If the credentials match as per the records, they are authenticated, or else they are not.
When we describe the term authorization, it solely describes the verification if the authenticated users can access the resources that is defined for them. In other words, it verifies their rights and permissions over the requested and defined resources. If the authenticated users, can access the resources as defined, it means that they are authorized.
Thus, authentication involves checking the validity of the user credentials, and authorization involves checking the rights and permissions over the resources that an authenticated user has.

Authorization Mechanism in Laravel

Laravel provides a simple mechanism for authorization that contains two primary ways, namely Gates and Policies.

Writing Gates and Policies

Gates are used to determine if a user is authorized to perform a specified action. They are typically defined in App/Providers/AuthServiceProvider.php using Gate facade. Gates are also functions which are declared for performing authorization mechanism.
Policies are declared within an array and are used within classes and methods which use authorization mechanism.
The following lines of code explain you how to use Gates and Policies for authorizing a user in a Laravel web application. Note that in this example, the boot function is used for authorizing the users.

Popular posts from this blog

Laravel – Blade Templates

Laravel – Blade Templates Laravel 5.1 introduces the concept of using  Blade , a templating engine to design a unique layout. The layout thus designed can be used by other views, and includes a consistent design and structure. When compared to other templating engines, Blade is unique in the following ways − It does not restrict the developer from using plain PHP code in views. The blade views thus designed, are compiled and cached until they are modified. The complete directory structure of Laravel is shown in the screenshot given here. You can observe that all views are stored in the  resources/views  directory and the default view for Laravel framework is  welcome.blade.php . Please note that other blade templates are also created similarly. Steps for Creating a Blade Template Layout You will have to use the following steps to create a blade template layout − Step 1 Create a layout folder inside the  resources/views  folder. We are...
Read more

What is Laravel Framework?

What is Laravel Framework? Laravel is a free, open-source PHP web framework, created by Taylor Otwell and intended for the development of web applications following the model–view–controller (MVC) architectural pattern.
Read more

What is routing and how, and what are the different ways to write it?

What is routing and how, and what are the different ways to write it? All Laravel routes are defined in your route files, which are located in the routes directory. These files are automatically loaded by the framework. The routes/web.php file defines routes that are for your web interface. These routes are assigned the web middleware group, which provides features like session state and CSRF protection. The routes in routes/api.php are stateless and are assigned the api middleware group. For most applications, you will begin by defining routes in your routes/web.php file.
Read more