authorizeResource alternatives #50552

uikolas · 2024-03-14T13:00:40Z

uikolas
Mar 14, 2024

After upgrading to Laravel 11 I noticed that 11 version dropped documentation for resource authorization link to 10 version resource docs and in 11 version it does not exists

And as new version propose to use clean base controller, but we can still use AuthorizesRequests trait.
But then authorizeResource method stops working, since it does have access to middleware function anymore

So maybe a new handy approach exist to set Policy on resource controller?

I know I can extend the base controller. But since the docs are removed I guess a new approach should exist?
Also I know I can add on each resource method, to check if user is authorized. But maybe we can do it more simpler?

Khazl · 2024-04-05T12:44:58Z

Khazl
Apr 5, 2024

I have noticed the same thing and am facing the same problem.
Is there an official best practice for this?

2 replies

MorganGonzales Apr 5, 2024

I assume that Laravel 11 is heading towards being specific in defining authorization rules, so probably having a Gate::authorize definition for each controller action, instead of using the authorizeResource which is very global. And I think this is the best practice for Laravel 11.

Khazl Apr 5, 2024

having a Gate::authorize definition for each controller action

Doesn't necessarily sound like a good alternative and a planned best practice.
That's exactly why the question comes up. Can anyone officially confirm that this is the case?

i6media · 2024-04-08T12:18:49Z

i6media
Apr 8, 2024

You can still extend the \Illuminate\Routing\Controller instead of App\Http\Controllers\Controller and use the \Illuminate\Foundation\Auth\Access\AuthorizesRequests\AuthorizesRequests in your custom controllers in Laravel 11:

<?php

class FooController extends \Illuminate\Routing\Controller
{
    use \Illuminate\Foundation\Auth\Access\AuthorizesRequests;

    public function __construct()
    {
        $this->authorizeResource(FooResource::class, 'parameter');
    }
}

1 reply

hesham-fouda Apr 17, 2024

In this case you can't use Illuminate\Routing\Controllers\HasMiddleware

GautierDele · 2024-09-10T13:13:18Z

GautierDele
Sep 10, 2024

@taylorotwell is there a particular reason you removed this in the documentation on this commit ?
laravel/docs@745bab3

Just to be sure this is not about to be deprecated 😄

0 replies

aplauche · 2024-12-24T17:16:33Z

aplauche
Dec 24, 2024

This is really disappointing if it is being removed. Needing to specify for each method in the controller negates a big benefit of resource controllers. Without authorizeResource it feels better to manually specify each route and use middleware. This feels like a critical component of the idea of a "resource".

2 replies

crynobone Dec 25, 2024
Maintainer

There no where in the upgrade guide saying Illuminate\Http\Controller was deprecated, it just not being configured as the default.

aplauche Dec 25, 2024

Got it, just saw the comment above that mentioned deprecation, and also wanted to clarify whether that was the case, but happy to hear it is just a defaults change! Will continue to just use http controller. Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

authorizeResource alternatives #50552

{{title}}

Replies: 4 comments 5 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

authorizeResource alternatives #50552

Replies: 4 comments · 5 replies

crynobone Dec 25, 2024 Maintainer

Replies: 4 comments 5 replies

crynobone Dec 25, 2024
Maintainer