
URL: https://deepwiki.com/hypervel/auth/3.4-authorizable-trait


Authorizable Trait

Purpose and Scope

The Authorizable trait provides authorization convenience methods that can be added to any entity (typically user models) to enable direct permission checking on the entity instance. The trait implements the Authorizable contract and delegates all authorization checks to the Gate system while automatically providing the entity as the user context.

This page documents the trait implementation and contract. For the Gate system that powers these checks, see Gate. For the contract specification, see Authorizable Contract. For authorization in controllers, see the related AuthorizesRequests trait documented in Utility Traits.


System Integration

The Authorizable trait serves as a bridge between entity instances and the Gate authorization system. It enables authorization checks directly on model instances rather than requiring explicit Gate calls.


Sources: src/Access/Authorizable.php:1-44, src/Contracts/Authorizable.php:1-14


Contract Definition

The Authorizable contract defines the minimum interface that any authorizable entity must implement. The contract requires a single method for permission checking.

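Method  Parameters                                         Return Type  Description
------  -------------------------------------------------  -----------  -------------------------------------
can()   iterable|string $abilities, mixed $arguments = []  bool         Determine if entity has given ability

Contract Location: src/Contracts/Authorizable.php:7-13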


Sources: src/Contracts/Authorizable.php:7-13, src/Access/Authorizable.php:10-43


Trait Implementation

The trait implementation provides four methods for authorization checking, all of which delegate to the Gate system. The trait resolves the Gate instance from the application container and automatically sets the current entity as the authorization user context.

Core Implementation Pattern

Each method in the trait follows this pattern:

  1. Resolve Gate instance from ApplicationContext::getContainer()
  2. Call forUser($this) to set the entity as the authorization subject
  3. Delegate to the appropriate Gate method
  4. Return the boolean result

Implementation Location: src/Access/Authorizable.php:10-43


Sources: src/Access/Authorizable.php:15-18


Method Reference

can()

Determines if the entity has the specified ability or abilities. When multiple abilities are provided, all must pass for the method to return true.


Parameters:

  • $abilities - Single ability string or iterable of multiple abilities
  • $arguments - Optional arguments passed to the ability check (e.g., model instances)

Returns: true if all abilities are granted, false otherwise

Delegates to: Gate::forUser($this)->check($abilities, $arguments)

Implementation: src/Access/Authorizable.php:15-18


canAny()

Determines if the entity has any of the given abilities. Returns true if at least one ability is granted.


Parameters:

  • $abilities - Single ability string or iterable of multiple abilities
  • $arguments - Optional arguments passed to the ability check

Returns: true if any ability is granted, false if all are denied

Delegates to: Gate::forUser($this)->any($abilities, $arguments)

Implementation: src/Access/Authorizable.php:23-26


cant() / cannot()

Both methods are aliases that determine if the entity does not have the given abilities. These are convenience methods that negate the result of can().


Parameters:

  • $abilities - Single ability string or iterable of multiple abilities
  • $arguments - Optional arguments passed to the ability check

Returns: true if abilities are denied, false if granted

Implementation: src/Access/Authorizable.php:31-42

Sources: src/Access/Authorizable.php:15-42


Gate Integration

The trait integrates with the Gate system by resolving the Gate instance from the dependency injection container and setting the entity as the authorization subject using forUser().


Container Resolution

The trait uses ApplicationContext::getContainer()->get(Gate::class) to resolve the Gate instance. This approach ensures:

  • The Gate is resolved from the DI container with all dependencies
  • The same Gate instance is used throughout the request
  • Configuration and registered abilities/policies are available

Resolution Code: src/Access/Authorizable.php:17, src/Access/Authorizable.php:25

User Context Setting

By calling forUser($this), the trait ensures that the entity instance is used as the authorization subject. This is critical because:

  • The Gate evaluates abilities in the context of a specific user
  • Policy methods receive the entity as the first parameter
  • Before/after callbacks can access the user context

Sources: src/Access/Authorizable.php:17, src/Access/Authorizable.php:25
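
The four-step delegation pattern, the AND/OR semantics of can() and canAny(), and the effect of forUser($this), as an added self-contained example (not code from hypervel/auth). DemoGate, DemoAuthorizable and DemoUser are stand-ins, and the static property DemoGate::$shared stands in for the container lookup.

```php
<?php
// Stand-in Gate (assumption, not Hypervel's class): forUser(), check(), any() as this page describes.
final class DemoGate
{
    public static self $shared;   // plays the role of the container-resolved Gate
    public function __construct(private array $rules, private ?object $user = null) {}
    public function forUser(object $user): self
    {
        return new self($this->rules, $user);   // same rules, new authorization subject
    }
    public function check(iterable|string $abilities, mixed $arguments = []): bool
    {
        return ! in_array(false, $this->results($abilities, $arguments), true);   // AND
    }
    public function any(iterable|string $abilities, mixed $arguments = []): bool
    {
        return in_array(true, $this->results($abilities, $arguments), true);      // OR
    }
    private function results(iterable|string $abilities, mixed $arguments): array
    {
        $args = is_array($arguments) ? $arguments : [$arguments];
        $names = is_string($abilities) ? [$abilities] : [...$abilities];
        // An ability with no registered rule is denied.
        $allows = fn (string $a): bool => isset($this->rules[$a]) && (bool) $this->rules[$a]($this->user, ...$args);
        return array_map($allows, $names);
    }
}
// Stand-in trait: resolve the Gate, bind $this as the subject, delegate, return the bool.
trait DemoAuthorizable
{
    public function can(iterable|string $abilities, mixed $arguments = []): bool
    {
        return DemoGate::$shared->forUser($this)->check($abilities, $arguments);
    }
    public function canAny(iterable|string $abilities, mixed $arguments = []): bool
    {
        return DemoGate::$shared->forUser($this)->any($abilities, $arguments);
    }
}
final class DemoUser { use DemoAuthorizable; public function __construct(public int $id) {} }
$post = (object) ['author_id' => 1];   // constructed sample data: a post owned by user 1
DemoGate::$shared = new DemoGate([
    'update'  => fn (DemoUser $u, object $p): bool => $u->id === $p->author_id,
    'publish' => fn (DemoUser $u, object $p): bool => false,
]);
var_dump((new DemoUser(1))->can(['update', 'publish'], $post));     // both abilities required
var_dump((new DemoUser(1))->canAny(['update', 'publish'], $post));  // one ability suffices
var_dump((new DemoUser(2))->can('update', $post));                  // subject is the instance called on
```

The last call shows that the check applies to whichever entity the method is called on, not to the user of the current request.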


Usage Patterns

Basic Model Integration

Add the trait to any model that should support authorization checks:


Permission Checking Examples

Scenario                  Code                                         Description
------------------------  -------------------------------------------  ----------------------
Single ability            $user->can('update', $post)                  Check one ability
Multiple abilities (AND)  $user->can(['update', 'publish'], $post)     All must pass
Multiple abilities (OR)   $user->canAny(['update', 'publish'], $post)  At least one must pass
Negation                  $user->cant('delete', $post)                 Check inability
No arguments              $user->can('create-post')                    Global ability

Common Use Cases

Conditional UI Rendering:


Business Logic Guards:


Multiple Permission Checks:


Sources: src/Access/Authorizable.php:10-43


Relationship to AuthorizesRequests

The Authorizable trait should not be confused with the AuthorizesRequests trait, which serves a different purpose:

Aspect    Authorizable                                  AuthorizesRequests
--------  --------------------------------------------  ----------------------------------------
Purpose   Add authorization methods to entities/models  Add authorization methods to controllers
Location  src/Access/Authorizable.php                   src/Access/AuthorizesRequests.php
Used In   User models, other authorizable entities      Controllers, request handlers
Methods   can(), canAny(), cant(), cannot()             authorize(), authorizeForUser()
Behavior  Returns boolean, non-throwing                 Throws AuthorizationException on failure
Context   Uses $this as the user                        Resolves user from current request

Method Comparison


Sources: src/Access/Authorizable.php:1-44, src/Access/AuthorizesRequests.php:1-77
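
Because can() returns a boolean and never throws, a call whose result is discarded enforces nothing. The following added example (not from hypervel/auth; DemoSubject, DemoDenied and both delete functions are hypothetical) puts that weak form beside a guard that fails closed.

```php
<?php
// Stand-in for the contract described on this page: a single can() method returning bool.
interface DemoSubject
{
    public function can(iterable|string $abilities, mixed $arguments = []): bool;
}

final class DemoDenied extends RuntimeException {}   // stand-in for an authorization exception

// Weak: can() only returns false on denial, so a discarded result stops nothing.
function deleteUnchecked(DemoSubject $user, array &$posts, int $id): void
{
    $user->can('delete', $posts[$id]);
    unset($posts[$id]);
}

// Corrected: branch on the boolean and fail closed before touching state.
function deleteGuarded(DemoSubject $user, array &$posts, int $id): void
{
    if (! $user->can('delete', $posts[$id])) {
        throw new DemoDenied("delete denied for post {$id}");
    }
    unset($posts[$id]);
}

// Constructed subject that is denied every ability.
$reader = new class implements DemoSubject {
    public function can(iterable|string $abilities, mixed $arguments = []): bool
    {
        return false;
    }
};

$posts = [7 => 'draft'];             // constructed sample data
deleteUnchecked($reader, $posts, 7);
var_dump(isset($posts[7]));          // whether the post survived the unchecked path

$posts = [7 => 'draft'];
try {
    deleteGuarded($reader, $posts, 7);
} catch (DemoDenied $e) {
    echo $e->getMessage(), PHP_EOL;
}
var_dump(isset($posts[7]));          // whether the post survived the guarded path
```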


Implementation Details

Method Signatures Table

Method    Signature                                                                        Line Reference
--------  -------------------------------------------------------------------------------  ------------------------------
can()     public function can(iterable|string $abilities, mixed $arguments = []): bool     src/Access/Authorizable.php:15
canAny()  public function canAny(iterable|string $abilities, mixed $arguments = []): bool  src/Access/Authorizable.php:23
cant()    public function cant(iterable|string $abilities, mixed $arguments = []): bool    src/Access/Authorizable.php:31
cannot()  public function cannot(iterable|string $abilities, mixed $arguments = []): bool  src/Access/Authorizable.php:39

Dependency Resolution

The trait relies on ApplicationContext::getContainer() from the Hyperf framework to resolve the Gate instance. This dependency resolution pattern:

  • Avoids constructor injection complexity in models
  • Ensures lazy resolution (Gate only retrieved when needed)
  • Maintains framework independence in the trait signature

Dependency Code: src/Access/Authorizable.php:17, src/Access/Authorizable.php:25

Trait Composition

The Authorizable trait can be composed with other traits on the same model:


Sources: src/Access/Authorizable.php:10-43, src/Contracts/Authorizable.php:7-13