Policy

Besides providing authentication, Laravel also provides a simple way to authorize users' actions against a given resource. A user may be logged in to the application and still may or may not have permission to view a particular Eloquent model or database record, e.g. a company record.

There are two ways of authorizing: gates and policies. In this tutorial we use policies. All policies live in the app/Policies folder.

Before creating the policies, we create a PHP config file containing the list of permission codes used in the application.

Create a new file called user_permission.php in the config folder and paste the code below into it.

<?php

// config/user_permission.php
// Each entry maps a permission code to itself; the policies look codes up
// here via Config::get('user_permission.<key>'). The original listing
// repeated 'setting_holiday_records_create'; the duplicate has been dropped.
return [
    'setting_company_records_create' => 'setting_company_records_create',
    'setting_company_records_read' => 'setting_company_records_read',
    'setting_company_records_update' => 'setting_company_records_update',
    'setting_company_records_delete' => 'setting_company_records_delete',
    'setting_company_records_restore' => 'setting_company_records_restore',

    'setting_holiday_records_create' => 'setting_holiday_records_create',
    'setting_holiday_records_read' => 'setting_holiday_records_read',
    'setting_holiday_records_update' => 'setting_holiday_records_update',
    'setting_holiday_records_delete' => 'setting_holiday_records_delete',
    'setting_holiday_records_restore' => 'setting_holiday_records_restore',

    'setting_workingday_records_create' => 'setting_workingday_records_create',
    'setting_workingday_records_read' => 'setting_workingday_records_read',
    'setting_workingday_records_update' => 'setting_workingday_records_update',
    'setting_workingday_records_delete' => 'setting_workingday_records_delete',
    'setting_workingday_records_restore' => 'setting_workingday_records_restore',

    'setting_department_records_create' => 'setting_department_records_create',
    'setting_department_records_read' => 'setting_department_records_read',
    'setting_department_records_update' => 'setting_department_records_update',
    'setting_department_records_delete' => 'setting_department_records_delete',
    'setting_department_records_restore' => 'setting_department_records_restore',

    'setting_leavetype_records_create' => 'setting_leavetype_records_create',
    'setting_leavetype_records_read' => 'setting_leavetype_records_read',
    'setting_leavetype_records_update' => 'setting_leavetype_records_update',
    'setting_leavetype_records_delete' => 'setting_leavetype_records_delete',
    'setting_leavetype_records_restore' => 'setting_leavetype_records_restore',

    'setting_calendar_records_create' => 'setting_calendar_records_create',
    'setting_calendar_records_read' => 'setting_calendar_records_read',

    'setting_userAccount_records_create' => 'setting_userAccount_records_create',
    'setting_userAccount_records_read' => 'setting_userAccount_records_read',
    'setting_userAccount_records_update' => 'setting_userAccount_records_update',
    'setting_userAccount_records_delete' => 'setting_userAccount_records_delete',
    'setting_userAccount_records_restore' => 'setting_userAccount_records_restore',
    'setting_userAccount_records_change_password' => 'setting_userAccount_records_change_password',
    'setting_userAccount_records_apply_permission' => 'setting_userAccount_records_apply_permission',

    'setting_leave_entitlements_records_read' => 'setting_leave_entitlements_records_read',
    'setting_leave_entitlements_records_update' => 'setting_leave_entitlements_records_update',
    'setting_leave_entitlements_records_delete' => 'setting_leave_entitlements_records_delete',

    'setting_leave_type_approving_records_read' => 'setting_leave_type_approving_records_read',
    'setting_leave_type_approving_records_update' => 'setting_leave_type_approving_records_update',
    'setting_leave_type_approving_records_delete' => 'setting_leave_type_approving_records_delete',

    'setting_user_account_approving_records_read' => 'setting_user_account_approving_records_read',
    'setting_user_account_approving_records_update' => 'setting_user_account_approving_records_update',
    'setting_user_account_approving_records_delete' => 'setting_user_account_approving_records_delete',

    'leave_application_apply' => 'leave_application_apply',
    'leave_application_manage' => 'leave_application_manage',
    'leave_application_history' => 'leave_application_history',

    'application_menu' => 'application_menu',
    'setting_menu' => 'setting_menu',
];

Now we are going to create the policies.

Company

php artisan make:policy CompanyPolicy

Each function on a policy checks whether the logged-in user holds a permission. It calls the hasCode method on the User model, passing the permission code looked up from config/user_permission.php.

public function create(User $user)
{
    return $user->hasCode($user, Config::get('user_permission.setting_company_records_create'));
}
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class CompanyPolicy
{
    use HandlesAuthorization;

    // Each ability maps to one permission code from config/user_permission.php.
    public function create(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_company_records_create'));
    }

    public function read(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_company_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_company_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_company_records_delete'));
    }

    public function restore(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_company_records_restore'));
    }
}
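A policy class enforces nothing on its own: it must be registered and then invoked at each request that touches the resource. The following is an added example, not code from the tutorial, showing how CompanyPolicy (and EventPolicy, defined further down) get wired into the application. It assumes a User::hasCode() helper, which the tutorial calls but does not show, implemented here over a hypothetical permissions belongsToMany relation whose rows carry a code column, plus a Company model and a CompanyController that the tutorial does not include. On Laravel 8+ replace App\User with App\Models\User.

```php
<?php
// Added example (not the tutorial's code). Wires the policies into the app.
// Assumptions: a hypothetical `permissions` relation with a `code` column,
// a Company model and a CompanyController. Laravel 8+: App\Models\User.

// ---- app/User.php (excerpt) ----
namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    // Hypothetical pivot: users <-> permissions, permission rows have `code`.
    public function permissions()
    {
        return $this->belongsToMany(Permission::class);
    }

    // Same signature the tutorial's policies use: $user->hasCode($user, $code).
    public function hasCode(User $user, ?string $code): bool
    {
        // Config::get() returns null for a missing key; treat that as "deny"
        // so a typo in user_permission.php can never silently grant access.
        if ($code === null || $code === '') {
            return false;
        }
        return $user->permissions()->where('code', $code)->exists();
    }
}

// ---- app/Providers/AuthServiceProvider.php (excerpt) ----
namespace App\Providers;

use App\Company;
use App\Event;
use App\Policies\CompanyPolicy;
use App\Policies\EventPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    // Model -> policy map. Without an entry here, authorize() for that model
    // finds no policy and denies rather than consulting the class you wrote.
    protected $policies = [
        Company::class => CompanyPolicy::class,
        Event::class   => EventPolicy::class,
    ];

    public function boot()
    {
        $this->registerPolicies();
    }
}

// ---- app/Http/Controllers/CompanyController.php (excerpt) ----
namespace App\Http\Controllers;

use App\Company;
use App\Event;
use Illuminate\Http\Request;

class CompanyController extends Controller
{
    public function store(Request $request)
    {
        // Abilities that take only a User (create/read) are checked against
        // the model class; a 403 is thrown before any record is written.
        $this->authorize('create', Company::class);
        // ... validate and create the company record
    }

    public function destroyEvent(Event $event)
    {
        // Abilities that take a model instance (EventPolicy::update/delete)
        // receive the loaded row, so the ownership comparison runs against
        // the record the request actually targets.
        $this->authorize('delete', $event);
        $event->delete();
    }
}
```

The same abilities are available in Blade as @can('create', App\Company::class) and @can('delete', $event); hiding a button that way is a usability nicety, and the controller-side authorize() call is the check that actually protects the record.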

Event

php artisan make:policy EventPolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\Event;
use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class EventPolicy
{
    use HandlesAuthorization;

    public function create(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_calendar_records_create'));
    }

    public function read(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_calendar_records_read'));
    }

    // update takes the Event instance: the user must own the event AND hold
    // the calendar create code (config/user_permission.php defines no
    // separate setting_calendar_records_update key).
    public function update(User $user, Event $event)
    {
        return $user->id === $event->user_id
            && $user->hasCode($user, Config::get('user_permission.setting_calendar_records_create'));
    }

    // delete is ownership-only: no permission code is consulted.
    public function delete(User $user, Event $event)
    {
        return $user->id === $event->user_id;
    }
}

Holiday

php artisan make:policy HolidayPolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class HolidayPolicy
{
    use HandlesAuthorization;

    public function create(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_create'));
    }

    public function read(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_delete'));
    }

    public function restore(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_restore'));
    }
}

Leave Application Policy

php artisan make:policy LeaveApplicationPolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class LeaveApplicationPolicy
{
    use HandlesAuthorization;

    public function apply(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.leave_application_apply'));
    }

    // document and manage are both gated by the leave_application_manage code.
    public function document(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.leave_application_manage'));
    }

    public function manage(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.leave_application_manage'));
    }

    public function history(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.leave_application_history'));
    }
}

LeaveEntitlement

php artisan make:policy LeaveEntitlementPolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class LeaveEntitlementPolicy
{
    use HandlesAuthorization;

    public function show(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leave_entitlements_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leave_entitlements_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leave_entitlements_records_delete'));
    }
}

Leave Type Approving Officer

php artisan make:policy LeaveTypeApprovingOfficerPolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class LeaveTypeApprovingOfficerPolicy
{
    use HandlesAuthorization;

    public function show(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_delete'));
    }
}

Leave Type Policy

php artisan make:policy LeaveTypePolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class LeaveTypePolicy
{
    use HandlesAuthorization;

    public function create(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_create'));
    }

    public function read(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_delete'));
    }

    public function restore(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_restore'));
    }
}

User Approving Officer Policy

php artisan make:policy UserApprovingOfficerPolicy
Policy class

Replace the policy as below.


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class UserApprovingOfficerPolicy
{
    use HandlesAuthorization;

    // Uses the setting_user_account_approving_records_* codes defined in
    // config/user_permission.php. The original listing referenced the
    // setting_leave_type_approving_records_* codes, which belong to
    // LeaveTypeApprovingOfficerPolicy and would have left the user-account
    // approving codes unused.
    public function show(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_user_account_approving_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_user_account_approving_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_user_account_approving_records_delete'));
    }
}

User Policy

php artisan make:policy UserPolicy
Policy class


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class UserPolicy
{
    use HandlesAuthorization;

    public function create(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_create'));
    }

    public function read(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_delete'));
    }

    public function restore(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_restore'));
    }

    public function change_password(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_change_password'));
    }

    public function apply_permission(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_apply_permission'));
    }

    // Note the inverted sense of the name: returns false when $id is the
    // logged-in user's own id and true for any other id.
    public function amItheLoginUser(User $user, int $id)
    {
        return $user->id != $id;
    }

    public function leave_application_menu(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.application_menu'));
    }

    public function setting_menu(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_menu'));
    }
}

Working Day Policy

php artisan make:policy WorkingDayPolicy
Policy class


We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;

<?php

namespace App\Policies;

use App\User; // App\Models\User on Laravel 8+
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Config;

class WorkingDayPolicy
{
    use HandlesAuthorization;

    public function create(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_create'));
    }

    public function read(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_read'));
    }

    public function update(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_update'));
    }

    public function delete(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_delete'));
    }

    public function restore(User $user)
    {
        return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_restore'));
    }
}
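With all the policies in place, the useful check is a feature test that proves they fail closed: a user without the code is denied, a user holding it is allowed, and the ownership rule in EventPolicy holds for the owner only. The test below is an added example, not part of the tutorial. It assumes the policies are registered in AuthServiceProvider, that User has a permissions belongsToMany relation whose rows carry a code column, and that factories exist for User, Permission and Event; the factory() helper is the Laravel 7 and earlier form (on Laravel 8+ use User::factory() and friends). None of these are shown on the page.

```php
<?php
// Added example (not the tutorial's code): tests/Feature/PolicyTest.php
// Assumes registered policies, a hypothetical `permissions` relation with a
// `code` column, and User/Permission/Event factories (Laravel <= 7 style).

namespace Tests\Feature;

use App\Company;
use App\Event;
use App\Permission;
use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

class PolicyTest extends TestCase
{
    use RefreshDatabase;

    // Build a user holding exactly the given permission codes.
    private function userWithCodes(array $codes): User
    {
        $user = factory(User::class)->create();
        foreach ($codes as $code) {
            $permission = factory(Permission::class)->create(['code' => $code]);
            $user->permissions()->attach($permission);
        }
        return $user;
    }

    public function testCompanyCreateRequiresTheCode()
    {
        // Read the code from config exactly as CompanyPolicy::create does.
        $code = Config::get('user_permission.setting_company_records_create');

        $denied  = $this->userWithCodes([]);
        $allowed = $this->userWithCodes([$code]);

        // Gate::forUser() evaluates the registered policy for a chosen user,
        // so the test does not need to log anyone in.
        $this->assertFalse(Gate::forUser($denied)->allows('create', Company::class));
        $this->assertTrue(Gate::forUser($allowed)->allows('create', Company::class));
    }

    public function testHoldingAnUnrelatedCodeDoesNotGrantCompanyCreate()
    {
        // A code for a different resource must not leak into company create.
        $holidayOnly = $this->userWithCodes([
            Config::get('user_permission.setting_holiday_records_create'),
        ]);

        $this->assertFalse(Gate::forUser($holidayOnly)->allows('create', Company::class));
    }

    public function testEventDeleteIsOwnerOnly()
    {
        $owner = $this->userWithCodes([]);
        $other = $this->userWithCodes([]);
        $event = factory(Event::class)->create(['user_id' => $owner->id]);

        // EventPolicy::delete compares only user_id, so no code is needed...
        $this->assertTrue(Gate::forUser($owner)->allows('delete', $event));
        // ...and any other authenticated user is still denied.
        $this->assertFalse(Gate::forUser($other)->allows('delete', $event));
    }

    public function testEventUpdateNeedsOwnershipAndCode()
    {
        $code  = Config::get('user_permission.setting_calendar_records_create');
        $owner = $this->userWithCodes([$code]);
        $ownerWithoutCode = $this->userWithCodes([]);
        $event = factory(Event::class)->create(['user_id' => $owner->id]);
        $otherEvent = factory(Event::class)->create(['user_id' => $ownerWithoutCode->id]);

        $this->assertTrue(Gate::forUser($owner)->allows('update', $event));
        // Owning the row is not enough: the calendar create code is required too.
        $this->assertFalse(Gate::forUser($ownerWithoutCode)->allows('update', $otherEvent));
    }
}
```

Run it with php artisan test (or vendor/bin/phpunit); a failing assertion here points at either a policy that was never registered in $policies or a code name that no longer matches config/user_permission.php.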