authorizeResource alternatives #50552

uikolas · 2024-03-14T13:00:40Z

uikolas
Mar 14, 2024

After upgrading to Laravel 11 I noticed that 11 version dropped documentation for resource authorization link to 10 version resource docs and in 11 version it does not exists

And as new version propose to use clean base controller, but we can still use AuthorizesRequests trait.
But then authorizeResource method stops working, since it does have access to middleware function anymore

So maybe a new handy approach exist to set Policy on resource controller?

I know I can extend the base controller. But since the docs are removed I guess a new approach should exist?
Also I know I can add on each resource method, to check if user is authorized. But maybe we can do it more simpler?

Khazl · 2024-04-05T12:44:58Z

Khazl
Apr 5, 2024

I have noticed the same thing and am facing the same problem.
Is there an official best practice for this?

2 replies

MorganGonzales Apr 5, 2024

I assume that Laravel 11 is heading towards being specific in defining authorization rules, so probably having a Gate::authorize definition for each controller action, instead of using the authorizeResource which is very global. And I think this is the best practice for Laravel 11.

Khazl Apr 5, 2024

having a Gate::authorize definition for each controller action

Doesn't necessarily sound like a good alternative and a planned best practice.
That's exactly why the question comes up. Can anyone officially confirm that this is the case?

i6media · 2024-04-08T12:18:49Z

i6media
Apr 8, 2024

You can still extend the \Illuminate\Routing\Controller instead of App\Http\Controllers\Controller and use the \Illuminate\Foundation\Auth\Access\AuthorizesRequests\AuthorizesRequests in your custom controllers in Laravel 11:

<?php

class FooController extends \Illuminate\Routing\Controller
{
    use \Illuminate\Foundation\Auth\Access\AuthorizesRequests;

    public function __construct()
    {
        $this->authorizeResource(FooResource::class, 'parameter');
    }
}

1 reply

hesham-fouda Apr 17, 2024

In this case you can't use Illuminate\Routing\Controllers\HasMiddleware

GautierDele · 2024-09-10T13:13:18Z

GautierDele
Sep 10, 2024

@taylorotwell is there a particular reason you removed this in the documentation on this commit ?
laravel/docs@745bab3

Just to be sure this is not about to be deprecated 😄

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

authorizeResource alternatives #50552

{{title}}

Replies: 3 comments 3 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

Select a reply

authorizeResource alternatives #50552

uikolas Mar 14, 2024

Replies: 3 comments · 3 replies

Khazl Apr 5, 2024

MorganGonzales Apr 5, 2024

Khazl Apr 5, 2024

i6media Apr 8, 2024

hesham-fouda Apr 17, 2024

GautierDele Sep 10, 2024

uikolas
Mar 14, 2024

Replies: 3 comments 3 replies

Khazl
Apr 5, 2024

i6media
Apr 8, 2024

GautierDele
Sep 10, 2024