Laravel - Authorization

In the previous chapter, we learned about the authentication process in Laravel. This chapter describes the authorization process in Laravel.

The difference between authentication and authorization

Before diving into the Laravel authorization process, let's understand the difference between authentication and authorization.

During authentication, the system or web application identifies its users from the credentials they provide. If the credentials are valid, the user is authenticated; otherwise, the user is not.

During authorization, the system or web application checks whether an authenticated user is allowed to access the resources they are requesting. In other words, it checks the user's rights and permissions on the requested resources. If the check finds that the user may access them, the user is authorized.

Thus, authentication involves checking the validity of the user's credentials, and authorization involves checking the rights and permissions that the authenticated user has on resources.

Authorization mechanism in Laravel

Laravel provides a simple authorization mechanism built on two main approaches: Gates and Policies.

Writing gates and policies

Gates are used to determine whether a user is authorized to perform a particular action. They are typically defined in App/Providers/AuthServiceProvider.php using the Gate facade. A gate is a function that is declared to carry out the authorization check.

Policies are declared in an array and are used inside classes and methods that use the authorization mechanism.

The following lines of code explain how to use Gates and Policies to authorize a user in a Laravel web application. Note that in this example, the boot function is used to authorize users.
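A provider that shows both mechanisms described above, as an added example that is not code from the original page. It assumes a Laravel 8/9 style application; the names Post, PostPolicy, user_id and is_admin are hypothetical.

```php
<?php
// Added example for app/Providers/AuthServiceProvider.php (Laravel 8/9 layout assumed).
// Post, PostPolicy, user_id and is_admin are hypothetical names.

namespace App\Providers;

use App\Models\Post;
use App\Models\User;
use App\Policies\PostPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    // Policies are declared in this array: model class => policy class.
    protected $policies = [
        Post::class => PostPolicy::class,
    ];

    public function boot()
    {
        // Register the model-to-policy mappings declared above.
        $this->registerPolicies();

        // Runs before every other check. Return true only for admins and null
        // otherwise: any non-null value ends the check, so returning false
        // here would deny every ability to every non-admin user.
        Gate::before(function (User $user, $ability) {
            return $user->is_admin ? true : null;
        });

        // A gate is a closure that receives the authenticated user first.
        // The strict comparison means a type mismatch denies rather than allows.
        Gate::define('update-post', function (User $user, Post $post) {
            return $user->id === $post->user_id;
        });
    }
}

// Checking the gate in a controller action, on the server, for every request:
//   if (Gate::denies('update-post', $post)) { abort(403); }
// Checking the policy instead, which calls PostPolicy::update($user, $post),
// from a controller that uses the AuthorizesRequests trait:
//   $this->authorize('update', $post);
```

Hiding a button or link in a view is not an authorization check; the gate or policy has to be evaluated in the code path that performs the action.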