
Simpler (better?) Laravel Authorization using Brandenburg
Most web applications which have an account or admin area typically require some kind of access-control which is commonly handled through the use of Roles and Permissions.
Since Laravel 5.1.11 the framework has provided a convenient way to handle Authorization in the form of Gates and Policies which allow for fine-grained control over determining who, and what, can be accessed.
The challenge is how to assign Users with Roles and Permissions, and how to integrate this with the standard Gate Policies.
This is where the Brandenburg package (which coincidentally I created!) comes into play. I wanted to create a really easy, accessible way to assign permissions to users without needing to learn anything new outside of how to work with standard Laravel Gates and Policies.
Brandenburg provides a super thin layer atop the standard Laravel Gates and Policies to easily assign permissions to users via roles and validate these within the Laravel Gates.
Why not use an existing package?
The reason why I decided to create my own package for this is because I wanted better separation of concerns when it comes to what should live in the Database, and what should live in the source-code.
Typically, these packages have you check whether a user has a certain Role or Permission.
// The code expects you to have the editor role in your database
if ($user->role === 'editor') {
    // grant access
}
The problem with this approach is that it assumes you created the editor role in your database, because your source-code relies on it. It also means that whenever you create a new role or permission in your code, you have to create a matching database entry for it.
Brandenburg uses Policies defined in the source only and does not require these to be duplicated in the Database. Instead, these permissions are assigned to Roles in the database, but the validation is done purely on the permission, not the Role itself, meaning that your source-code does not rely on you creating specific data in your DB.
// The can-create-articles permission exists in code only
if ($user->hasRoleWithPermission('can-create-articles')) {
    // grant access
}
If you now create a new Gate Policy in code, Brandenburg will automatically make it available as a permission to assign to a Role in the database without any duplication. There is also an additional helper method which makes this step optional by allowing any user access if nobody has been specifically granted that permission, which is great for future-proofing your code when you may not initially have multiple user roles.
if ($this->nobodyHasAccess('can-create-articles')) {
    // grant access
}
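To show how these two calls fit together inside a standard Laravel Policy, here is an added example (not code from this post or from the Brandenburg package). It assumes only what the post shows, hasRoleWithPermission() on the User model and nobodyHasAccess() on the policy; the trait name, the model namespaces and the Article ownership column are placeholders.

```php
<?php
// Added example, not the Brandenburg package's own code.
// Assumed: hasRoleWithPermission() on User and nobodyHasAccess() on the policy
// (both shown in the post). The trait name below is a placeholder assumption.

namespace App\Policies;

use App\Models\Article;   // assumed namespace
use App\Models\User;      // assumed namespace

class ArticlePolicy
{
    use \Brandenburg\ValidatesPermissions; // placeholder trait name

    // Permission names live in code only; roles in the DB are granted them.
    public const CREATE = 'can-create-articles';
    public const UPDATE = 'can-update-articles';

    public function create(User $user): bool
    {
        // Fail-open fallback: while no role has been granted the permission,
        // every user may create. Once any role holds it, only its members may.
        if ($this->nobodyHasAccess(self::CREATE)) {
            return true;
        }

        return $user->hasRoleWithPermission(self::CREATE);
    }

    public function update(User $user, Article $article): bool
    {
        // No fallback here (fail-closed): updating is denied unless a role
        // grants it, except that authors may always edit their own articles.
        // `user_id` is an assumed ownership column on the articles table.
        return $user->id === $article->user_id
            || $user->hasRoleWithPermission(self::UPDATE);
    }
}

// Once registered in AuthServiceProvider::$policies as
// [Article::class => ArticlePolicy::class], the standard Laravel checks apply:
//   $user->can('create', Article::class);
//   $this->authorize('update', $article);   // in a controller
```

Because the create() fallback grants everyone access until a role holds the permission, a test that asserts the policy denies an unprivileged user once that role exists makes the switch from fail-open to fail-closed explicit.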
Closing thoughts
The Brandenburg package is intended for really simple authorization and won’t be the right fit for everyone. If you need more advanced functionality, I would suggest looking at some of the more complex packages out there, even though they may not share the same approach.
I’m keen to hear any thoughts on the approach or the Brandenburg package and hope it can help you with your next Laravel project. A full tutorial / demo will follow in the near-future. Thank you for reading.