-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user would only be authorized to read the documents. Authentication, on the other hand, is the process of ascertaining who a user is.
Laravel lets you handle authorization by using Gates and Policies, in a way we feel to be quite inflexible and unextendible. While it may work well for basic concerns, it fails to provide for authorizing more than basic scenarios in a standardized way.
This package aims to provide an easy, flexible, reliable and intuitive alternative to the way Laravel lets you handle Authorization out of the box, inspired by the way ASP.NET lets you handle it.
This package provides a simple, declarative permission, role and policy-based model. Authorization is expressed in requirements, and handlers evaluate a user against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting to access.