Subscribe to PHP Freaks RSS

User Roles and Access Control (ACL) in Laravel

syndicated from planet-php.net on March 2, 2019

It's been over a year since I covered how to protect adminpanel routes in Laravel using Gates. Some people kept reminding me about my promise to cover ACL and user roles, and I kept putting off fulfilling that promise.



Finally I run into that on one of my projects, and that's the sign I was waiting for to continue giving back to the community I learned so much from.



What is ACL





Although some computer science theorists enjoy using baffling definitions of the term (looking at you, MSDN), in reality it's pretty simple and straightforward. ACL stands for Access Control List, and specifies what users are allowed to do.



There are three entities in the ACL:



  • User Role: e.g. admin, editor, reader
  • Object: e.g. blog post
  • Operation: create, edit, read, etc.



Continue reading