Oh Dear is the all-in-one monitoring tool for your entire website. We monitor uptime, SSL certificates, broken links, scheduled tasks and more. You'll get a notifications for us when something's wrong. All that paired with a developer friendly API and kick-ass documentation. O, and you'll also be able to create a public status page under a minute. Start monitoring using our free trial now.

A middleware to check abilities on the route level

Original – by Freek Van der Herten – 1 minute read

Laravel's native authorization functionality allows you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests.

What Laravel doesn't provide out of the box is a middleware to check abilities on the route-level. So I made that middleware myself and released it as a package on GitHub.

Here's a simple example to give you an idea what it can do:

// only users with the viewTopSecretPage-ability be 
// able to see this

Route::get('/top-secret-page', [
   'middleware'=> 'can:viewTopSecretPage',
   'uses' => 'TopSecretController@index',
]);

Route groups can be used to apply the middleware to a bunch of routes:

Route::group(['prefix' => 'admin', 'middleware' => 'can:viewAdmin'], function() {

   //all the controllers of your admin section
   ...

});

I've provided a readme with full installation instructions and some examples.

If you like the package, be sure to check out the other Spatie Laravel packages.

Stay up to date with all things Laravel, PHP, and JavaScript.

You can follow me on these platforms:

On all these platforms, regularly share programming tips, and what I myself have learned in ongoing projects.

Every month I send out a newsletter containing lots of interesting stuff for the modern PHP developer.

Expect quick tips & tricks, interesting tutorials, opinions and packages. Because I work with Laravel every day there is an emphasis on that framework.

Rest assured that I will only use your email address to send you the newsletter and will not use it for any other purposes.

Comments

What are your thoughts on "A middleware to check abilities on the route level"?

Comments powered by Laravel Comments
Want to join the conversation? Log in or create an account to post a comment.