Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[10.x] Can set custom Response for denial within Gate@inspect() #47436

Merged
merged 4 commits into from
Jun 14, 2023
Merged

[10.x] Can set custom Response for denial within Gate@inspect() #47436

merged 4 commits into from
Jun 14, 2023

Conversation

cosmastech
Copy link
Contributor

@cosmastech cosmastech commented Jun 14, 2023
edited
Loading

Allow setting the Response returned when a Gate's inspect() method fails. This is particularly helpful when using the can middleware.

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        Gate::setDenialResponse(Response::denyAsNotFound());
    }
}

While it's possible to return a response from a Policy's method (or throw an Exception), this can lead to a lot of duplicated code. I personally think it makes more sense to return a bool in most cases.

Being able to deny as not found is beneficial for security, as it doesn't expose whether a resource is matched or if the user is just unauthorized.

@taylorotwell taylorotwell merged commit adc2dc4 into laravel:10.x Jun 14, 2023
@cosmastech cosmastech deleted the feature/set-gate-response-type branch June 20, 2023 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cosmastech @taylorotwell