 |
VOOZH | about |
|
VOOZH | about |
The Gate class serves as the central authorization engine for the hypervel/auth package. It provides a unified interface for defining and evaluating authorization rules through abilities and policies, managing access control decisions across the application.
For information about authorization responses and exception handling, see Authorization Responses and Exceptions. For details about authorization events, see Authorization Events.
The Gate implements a comprehensive authorization system built around abilities, policies, and callback mechanisms. It integrates with Hyperf's dependency injection container and provides flexible user resolution.
Architecture Overview
Sources: src/Access/Gate.php23-55
The Gate is registered in the dependency injection container through GateFactory, which handles instantiation and configuration:
Gate Factory and DI Registration
Sources: src/ConfigProvider.php22 src/Access/Gate.php47-55
The Gate constructor accepts core dependencies and initial configuration for the authorization system:
| Parameter | Type | Purpose |
|---|---|---|
container | ContainerInterface | DI container for resolving policy classes |
userResolver | Closure | Callback to resolve the current user |
abilities | array | Pre-defined ability callbacks |
policies | array | Class-to-policy mappings |
beforeCallbacks | array | Global before callbacks |
afterCallbacks | array | Global after callbacks |
Gate Initialization Parameters
Sources: src/Access/Gate.php47-55
The Gate provides multiple ways to define and manage authorization abilities:
The define() method registers authorization abilities with their corresponding callbacks:
Ability Definition Process
Sources: src/Access/Gate.php122-139
The resource() method provides a convenient way to define standard CRUD abilities for resource classes:
| Default Ability | Method | Purpose |
|---|---|---|
viewAny | viewAny | List/index permissions |
view | view | View single resource |
create | create | Create new resource |
update | update | Update existing resource |
delete | delete | Delete resource |
Sources: src/Access/Gate.php144-159
The Gate builds ability callbacks that integrate with the policy system:
Ability Callback Execution
Sources: src/Access/Gate.php164-194
The Gate integrates with policy classes to provide organized, class-based authorization logic:
The policy() method maps model classes to their corresponding policy classes:
Policy Registration and Resolution
Sources: src/Access/Gate.php199-204 src/Access/Gate.php493-522
The Gate automatically formats ability names to policy method names and handles policy execution:
Policy Callback Resolution
Sources: src/Access/Gate.php527-555 src/Access/Gate.php599-602
The Gate provides multiple methods for performing authorization checks with different return types and behaviors:
| Method | Return Type | Behavior |
|---|---|---|
allows() | bool | Returns true if authorized |
denies() | bool | Returns true if denied |
check() | bool | Checks all abilities (AND logic) |
any() | bool | Checks any ability (OR logic) |
none() | bool | Returns true if all denied |
authorize() | Response | Throws exception if denied |
inspect() | Response | Returns Response object |
raw() | mixed | Returns raw callback result |
Core Authorization Flow
Sources: src/Access/Gate.php229-333
The Gate provides allowIf() and denyIf() methods for conditional authorization checks:
On-Demand Authorization
Sources: src/Access/Gate.php78-115
The Gate implements a comprehensive callback system with before and after hooks:
Before callbacks run before any authorization check and can override authorization decisions:
Before Callback Processing
Sources: src/Access/Gate.php209-213 src/Access/Gate.php415-426
After callbacks run after authorization checks for logging, auditing, or result modification:
After Callback Processing
Sources: src/Access/Gate.php219-223 src/Access/Gate.php431-444
The Gate provides sophisticated guest user support through reflection-based parameter analysis:
The Gate determines if authorization callbacks can be called with guest users (null users) by examining method signatures:
Guest User Authorization Flow
Sources: src/Access/Gate.php338-398
The Gate integrates with Hyperf's event system to provide authorization auditing:
After each authorization check, the Gate dispatches a GateEvaluated event for auditing purposes:
Authorization Event Dispatch
Sources: src/Access/Gate.php449-458
The Gate provides flexible user context management through user resolution and user-specific instances:
The Gate resolves the current user through a configurable closure:
User Context Resolution
Sources: src/Access/Gate.php607-627
The Gate maintains several types of state and provides access to its configuration:
| Method | Returns | Purpose |
|---|---|---|
abilities() | array | Get all defined abilities |
policies() | array | Get all policy mappings |
has() | bool | Check if ability exists |
defaultDenialResponse() | static | Set default denial response |
Sources: src/Access/Gate.php60-71 src/Access/Gate.php632-653
Refresh this wiki