How to use authorization in Laravel: Gates, policies, roles and permissions

In a previous entry, I mentioned the importance of hand-in-hand authorization and authentication. Now, let’s talk about the many ways that Laravel provides to apply authorization to your application. 

The Laravel documentation describes multiple tools to authorize access to your application. It goes into detail about creating, constructing, and applying these authorization mechanisms. However, it only gives light direction about which method is best to use in your application. That’s because each application is different, and the way you apply authorization can be subjective. One of the packages I describe later, Spatie’s Laravel Permission, also walks the same tightrope. They make sure to integrate with Laravel and provide robust features but generally hint at guidance. 

So, how do you decide what authentication mechanism to apply? Do you use Laravel’s built-in tools, or must you install a third-party package to get the functionality you need? 

This question is complicated, but we can work towards an answer. Let’s begin by examining what we have available to us. 

Authorization tools available in a Laravel app 

Laravel provides gates and policies right out of the box. You can read the authorization documentation for detailed implementation instructions. But let’s talk specifically about each and what they’re

Read More: https://resources.infosecinstitute.com/topic/how-to-use-authorization-in-laravel-gates-policies-roles-and-permissions/