Policy
Besides providing the authentication, Laravel also provides a simple way to protect/authorize users' actions against a given resource. For example, a user can log in to the application or they may or may not have permission to view the Eloquent model or database record e.g. company record.
There are two ways of authorizing, gates and policies. In this tutorial, we are going to use policies. All the policies live in the app->Policies folder.
Before creating the policies, we are going to create a PHP config file containing the list of permission role in the application.
Create a new file called user_permission.php in config folder and replace to the below code.
<?php
return [
'setting_company_records_create' => 'setting_company_records_create',
'setting_company_records_read' => 'setting_company_records_read',
'setting_company_records_update' => 'setting_company_records_update',
'setting_company_records_delete' => 'setting_company_records_delete',
'setting_company_records_restore' => 'setting_company_records_restore',
'setting_holiday_records_create' => 'setting_holiday_records_create',
'setting_holiday_records_read' => 'setting_holiday_records_read',
'setting_holiday_records_update' => 'setting_holiday_records_update',
'setting_holiday_records_delete' => 'setting_holiday_records_delete',
'setting_holiday_records_restore' => 'setting_holiday_records_restore',
'setting_workingday_records_create' => 'setting_workingday_records_create',
'setting_workingday_records_read' => 'setting_workingday_records_read',
'setting_workingday_records_update' => 'setting_workingday_records_update',
'setting_workingday_records_delete' => 'setting_workingday_records_delete',
'setting_workingday_records_restore' => 'setting_workingday_records_restore',
'setting_department_records_create' => 'setting_department_records_create',
'setting_department_records_read' => 'setting_department_records_read',
'setting_department_records_update' => 'setting_department_records_update',
'setting_department_records_delete' => 'setting_department_records_delete',
'setting_department_records_restore' => 'setting_department_records_restore',
'setting_leavetype_records_create' => 'setting_leavetype_records_create',
'setting_leavetype_records_read' => 'setting_leavetype_records_read',
'setting_leavetype_records_update' => 'setting_leavetype_records_update',
'setting_leavetype_records_delete' => 'setting_leavetype_records_delete',
'setting_leavetype_records_restore' => 'setting_leavetype_records_restore',
'setting_holiday_records_create' => 'setting_holiday_records_create',
'setting_calendar_records_create' => 'setting_calendar_records_create',
'setting_calendar_records_read' => 'setting_calendar_records_read',
'setting_userAccount_records_create' => 'setting_userAccount_records_create',
'setting_userAccount_records_read' => 'setting_userAccount_records_read',
'setting_userAccount_records_update' => 'setting_userAccount_records_update',
'setting_userAccount_records_delete' => 'setting_userAccount_records_delete',
'setting_userAccount_records_restore' => 'setting_userAccount_records_restore',
'setting_userAccount_records_change_password' => 'setting_userAccount_records_change_password',
'setting_userAccount_records_apply_permission' => 'setting_userAccount_records_apply_permission',
'setting_leave_entitlements_records_read' => 'setting_leave_entitlements_records_read',
'setting_leave_entitlements_records_update' => 'setting_leave_entitlements_records_update',
'setting_leave_entitlements_records_delete'=>'setting_leave_entitlements_records_delete',
'setting_leave_type_approving_records_read' => 'setting_leave_type_approving_records_read',
'setting_leave_type_approving_records_update' => 'setting_leave_type_approving_records_update',
'setting_leave_type_approving_records_delete'=>'setting_leave_type_approving_records_delete',
'setting_user_account_approving_records_read' => 'setting_user_account_approving_records_read',
'setting_user_account_approving_records_update' => 'setting_user_account_approving_records_update',
'setting_user_account_approving_records_delete'=>'setting_user_account_approving_records_delete',
'leave_application_apply'=> 'leave_application_apply',
'leave_application_manage'=> 'leave_application_manage',
'leave_application_history'=> 'leave_application_history',
'application_menu' => 'application_menu',
'setting_menu' => 'setting_menu'
];
Now we going to create policies.
Company
php artisan make:policy CompanyPolicy
A Function on a policy checks if login user has permission. It call hasCode method on User model and compare with variables on user_permission.
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_company_records_create'));
}
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class CompanyPolicy
{
use HandlesAuthorization;
public function __construct()
{
}
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_company_records_create'));
}
public function read(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_company_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_company_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_company_records_delete'));
}
public function restore(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_company_records_restore'));
}
}
Event
php artisan make:policy EventPolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class EventPolicy
{
use HandlesAuthorization;
public function __construct()
{
}
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_calendar_records_create'));
}
public function read(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_calendar_records_read'));
}
public function update(User $user, Event $event)
{
return ($user->id === $event->user_id
&& $user->hasCode($user, Config::get('user_permission.setting_calendar_records_create'))
);
}
public function delete(User $user, Event $event)
{
return $user->id === $event->user_id;
}
}
Holiday
php artisan make:policy HolidayPolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class HolidayPolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_create'));
}
public function read(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_delete'));
}
public function restore(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_holiday_records_restore'));
}
}
Leave Application Policy
php artisan make:policy LeaveApplicationPolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class LeaveApplicationPolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function apply(User $user){
return $user->hasCode($user, Config::get('user_permission.leave_application_apply'));
}
public function document(User $user){
return $user->hasCode($user, Config::get('user_permission.leave_application_manage'));
}
public function manage(User $user){
return $user->hasCode($user, Config::get('user_permission.leave_application_manage'));
}
public function history(User $user){
return $user->hasCode($user, Config::get('user_permission.leave_application_history'));
}
}
LeaveEntitlement
php artisan make:policy LeaveEntitlementPolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class LeaveEntitlementPolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function show(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_entitlements_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_entitlements_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_entitlements_records_delete'));
}
}
Leave Type Approving Officer
php artisan make:policy LeaveTypeApprovingOfficerPolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class LeaveTypeApprovingOfficerPolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function show(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_delete'));
}
}
Leave Type Policy
php artisan make:policy LeaveTypePolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class LeaveTypePolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_create'));
}
public function read(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_delete'));
}
public function restore(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leavetype_records_restore'));
}
}
User Approving Officer Policy
php artisan make:policy UserApprovingOfficerPolicy
Policy class
Replace the policy as below.
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class UserApprovingOfficerPolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function show(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_leave_type_approving_records_delete'));
}
}
User Policy
php artisan make:policy UserPolicy
Policy class
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class UserPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_create'));
}
public function read(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_delete'));
}
public function restore(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_restore'));
}
public function change_password(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_change_password'));
}
public function apply_permission(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_userAccount_records_apply_permission'));
}
public function amItheLoginUser(User $user, int $id){
if($user->id == $id){
return false;
}
else{
return true;
}
}
public function leave_application_menu(User $user){
return $user->hasCode($user, Config::get('user_permission.application_menu'));
}
public function setting_menu(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_menu'));
}
}
Working Day Policy
php artisan make:policy WorkingDayPolicy
Policy class
Note: Please use the copy button to copy the source code.
We need to include the following import statement(s)
use Illuminate\Support\Facades\Config;
class WorkingDayPolicy
{
use HandlesAuthorization;
public function __construct()
{
//
}
public function create(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_create'));
}
public function read(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_read'));
}
public function update(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_update'));
}
public function delete(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_delete'));
}
public function restore(User $user){
return $user->hasCode($user, Config::get('user_permission.setting_workingday_records_restore'));
}
}