-
Notifications
You must be signed in to change notification settings - Fork 335
Home
This package adds a bouncer at Laravel's access gate.
Bouncer provides a mechanism to handle roles and abilities in Laravel's ACL. With an expressive and fluent syntax, it stays out of your way as much as possible: use it when you want, ignore it when you don't.
For a quick, glanceable list of Bouncer's features, check out the cheat sheet.
Bouncer works well with other abilities you have hard-coded in your own app. Your code always takes precedence: if your code allows an action, the bouncer will not interfere.
Once installed, you can simply tell the bouncer what you want to allow at the gate:
// Give a user the ability to create posts
Bouncer::allow($user)->to('create', Post::class);
// Alternatively, do it through a role
Bouncer::allow('admin')->to('create', Post::class);
Bouncer::assign('admin')->to($user);
// You can also restrict abilities to a specific model
Bouncer::allow($user)->to('edit', $post);
When you check abilities at the gate, the bouncer will be consulted first. If he sees an ability that has been granted to the current user (whether directly, or through a role) he'll authorize the check.