A middleware to check abilities on the route level
Laravel's native authorization functionality allows you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests.
What Laravel doesn't provide out of the box is a middleware to check abilities on the route-level. So I made that middleware myself and released it as a package on GitHub.
Here's a simple example to give you an idea what it can do:
// only users with the viewTopSecretPage-ability be
// able to see this
Route::get('/top-secret-page', [
'middleware'=> 'can:viewTopSecretPage',
'uses' => 'TopSecretController@index',
]);
Route groups can be used to apply the middleware to a bunch of routes:
Route::group(['prefix' => 'admin', 'middleware' => 'can:viewAdmin'], function() {
//all the controllers of your admin section
...
});
I've provided a readme with full installation instructions and some examples.
If you like the package, be sure to check out the other Spatie Laravel packages.