PHPackages memdev/laravel-frontend-policy - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. memdev/laravel-frontend-policy ActiveProject[Authentication & Authorization](/categories/authentication) memdev/laravel-frontend-policy ============================== Using Laravel's authorization on the front-end. 0.6.0(11mo ago)1898MITPHPPHP ^7.2.5 | ^8.0 Since Jun 5Pushed 11mo agoCompare [ Source](https://github.com/memdev/laravel-frontend-policy)[ Packagist](https://packagist.org/packages/memdev/laravel-frontend-policy)[ RSS](/packages/memdev-laravel-frontend-policy/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (3)Dependencies (5)Versions (11)Used By (0) Policy ====== [](#policy) Using Laravel's authorization on the front-end. A nice tool for SPAs and front-end heavy applications. If you want to see behind the package, we suggest to read this post: [Implementing Laravel’s Authorization on the Front-End](https://pineco.de/implementing-laravels-authorization-front-end/). ### Table of contents [](#table-of-contents) 1. [Getting Started](#getting-started) 2. [Publishing and setting up the JavaScript library](#publishing-and-setting-up-the-javascript-library) - [Setting up the Gate.js](#setting-up-the-gatejs) - [Initializing a gate instance](#initializing-a-gate-instance) - [Passing the user to the gate instance](#passing-the-user-to-the-gate-instance) - [Using it as a Vue service](#using-it-as-a-vue-service) - [The @currentUser blade directive](#the-currentuser-blade-directive) 3. [Using the policies and the Gate.js](#using-the-policies-and-the-gatejs) - [The available methods](#the-available-methods) - [Adding the UsesModelName trait to the models](#adding-the-usesmodelname-trait-to-the-models) - [Generating policies with artisan](#generating-policies-with-artisan) - [Writing the policy rules](#writing-the-policy-rules) 4. [Example](#example) 5. [Contribute](#contribute) Getting started --------------- [](#getting-started) You can install the package with composer, running the `composer require thepinecode/policy` command. Since the package supports auto-discovery, Laravel will register the service provider automatically behind the scenes. In some cases you may disable auto-discovery for this package. You can add the provider class to the `dont-discover` array to disable it. Then you need to register it manually again. Publishing and setting up the JavaScript library ------------------------------------------------ [](#publishing-and-setting-up-the-javascript-library) By default the package provides a `Gate.js` file, that will handle the policies. Use the `php artisan vendor:publish` command and choose the `Pine\Policy\PolicyServiceProvider` provider. After publishing you can find your fresh copy in the `resources/js/policies` folder if you are using Laravel 5.7+. If your application is lower than 5.7, the JS will be published in the `resources/assets/js/policies`. ### Setting up the Gate.js [](#setting-up-the-gatejs) Then you can import the `Gate` class and assign it to the `window` object. ``` import Gate from './policies/Gate'; window.Gate = Gate; ``` ### Initializing a gate instance [](#initializing-a-gate-instance) From this point you can initialize the translation service anywhere from your application. ``` let gate = new Gate; ``` ### Passing the user to the gate instance [](#passing-the-user-to-the-gate-instance) The `Gate` object requires a passed user to work properly. This can be a `string` or an `object`. By default, it looks for the `window['user']` object, however you may customize the key or the object itself. ``` let gate = new Gate; // window['user'] let gate = new Gate('admin'); // window['admin'] let gate = new Gate({ ... }); // uses the custom object ``` > Note, you can pass any object as a *user*. If you pass a team or a group object, it works as well. Since you define the logic behind the `Gate`, you can pass anything you wish. ### Using it as a Vue service [](#using-it-as-a-vue-service) If you want to use it from Vue templates directly you can extend Vue with this easily. ``` Vue.prototype.$Gate = new Gate; ``` ``` ... ``` ``` computed: { hasPermission: { return this.$Gate.allow('view', this.model); } } ``` ### The @currentUser blade directive [](#the-currentuser-blade-directive) To make it quicker, the package comes with a `@currentUser` blade directive. This does nothing more, but to print the currently authenticated user as `JSON` and assign it to the `window` object. ``` @currentUser window['user'] = { ... }; ``` You may override the default key for the user. You can do that by passing a string to the blade directive. ``` @currentUser ('admin') window['admin'] = { ... }; ``` > If there is no authenticated user, the value will be `null`. Using the policies and the Gate.js ---------------------------------- [](#using-the-policies-and-the-gatejs) ### The available methods [](#the-available-methods) #### allow() [](#allow) The `allow()` accepts two parameters. The first is the action to perform, the second is the **model object** or the **model name**, like in Laravel. > Note: **model name** should be a lower case version of the actual model name in Laravel: for example `Comment` becomes `comment`. ``` gate.allow('view', model); gate.allow('create', 'comment'); ``` #### deny() [](#deny) The `deny()` has the same signature like `allow()` but it will negate its return value. ``` gate.deny('view', model); gate.deny('create', 'comment'); ``` #### before() [](#before) Like in Laravel, in the `before()` method you can provide a custom logic to check for special conditions. If the condition passes, the rest of the policy rules in the `allow()` or `deny()` won't run at all. However if the condition fails, the policy rules will get place. To use the `before()` method, you may extend the gate object and define your custom logic. ``` Gate.prototype.before = function () { return this.user.is_admin; } ``` > Please note, to use the `this` object correctly, **use the traditional function signature instead of the arrow (() => {}) functions**. ### Adding the `UsesModelName` trait to the models [](#adding-the-usesmodelname-trait-to-the-models) Since, the policies use real JSON shaped eloquent models, the models have to use the `Pine\Policy\UsesModelName`trait that generates the proper model name. This model name attribute is used for pairing the proper policy with the model by the `Gate.js`. ``` use Pine\Policy\UsesModelName; use Illuminate\Database\Eloquent\Model; class Comment extends Model { use UsesModelName; protected $appends = ['model_name']; } ``` > Please note, to be able to use this attribute on the front-end, the attribute has to be appended to the JSON form. You can read more about appending values to JSON in the [docs](https://laravel.com/docs/master/eloquent-serialization#appending-values-to-json). ### Generating policies with artisan [](#generating-policies-with-artisan) The package comes with an artisan command by default, that helps you to generate your JavaScript policies easily. To make a policy, run the `php artisan make:js-policy Model` command, where the `Model` is the model's name. ``` php artisan make:js-policy Comment ``` This command will create the `CommentPolicy.js` file next to the `Gate.js` in the `resources/js/policies` directory. If you are using lower than Laravel 5.7, the policies will be generated in the `resources/assets/js/policies` directory. > Note, the command will append the `Policy` automatically in the file name. It means you may pass only the model name when running the command. After you generated the policy files, use `npm` to compile all the JavaScript, including policies. --- #### Important! [](#important) **The policies are registered automatically**. It means, no need for importing them manually. The gate instance will **automatically** populate the policies. Every policy will be used where it matches with the model's `model_name` attribute. Based on [Laravel's default app.js](https://github.com/laravel/laravel/blob/master/resources/js/app.js#L19-L20)the Gate instance [registers the policies automatically](https://github.com/thepinecode/policy/blob/master/resources/js/Gate.js#L14-L18)when calling `npm run dev`, `npm run prod` and so on. --- ### Writing the policy rules [](#writing-the-policy-rules) Policies – like in Laravel – have the following methods by default: `viewAny`, `view`, `create`, `update`, `restore`, `delete` and `forceDelete`. Of course, you can use custom methods as well, policies are fully customizables. ``` ... view(user, model) { return user.id == model.user_id; } create(user) { return user.is_admin; } approve(user, model) { return user.is_editor && user.id == model.user_id; } ... ``` Example ------- [](#example) ``` // app.js Vue.prototype.$Gate = new Gate; Vue.component('posts', { mounted() { axios.get('/api/posts') .then(response => this.posts = response.data); }, data() { return { posts: [], }; }, template: ` Create post ` }); let app = new Vue({ // }) ``` ``` @currentUser ``` Contribute ---------- [](#contribute) If you found a bug or you have an idea connecting the package, feel free to open an issue. ### Health Score 38 — LowBetter than 84% of packages Maintenance54 Moderate activity, may be stable Popularity18 Limited adoption so far Community9 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 86.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~243 days Recently: every ~430 days Total 10 Last Release 340d ago PHP version history (3 changes)v0.1.0PHP ^7.1 v0.3.0PHP ^7.2.5 v0.4.1PHP ^7.2.5 | ^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/540320d4804f7add05f4a82824eda7ad73055963bed3e3b5277a6b61a216cce5?d=identicon)[memdev](/maintainers/memdev) --- Top Contributors [![iamgergo](https://avatars.githubusercontent.com/u/6567179?v=4)](https://github.com/iamgergo "iamgergo (53 commits)")[![manuelteuber](https://avatars.githubusercontent.com/u/655280?v=4)](https://github.com/manuelteuber "manuelteuber (4 commits)")[![Phancie](https://avatars.githubusercontent.com/u/29276830?v=4)](https://github.com/Phancie "Phancie (4 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/memdev-laravel-frontend-policy/health.svg) ``` [![Health](https://phpackages.com/badges/memdev-laravel-frontend-policy/health.svg)](https://phpackages.com/packages/memdev-laravel-frontend-policy) ``` ### Alternatives [lab404/laravel-impersonate Laravel Impersonate is a plugin that allows to you to authenticate as your users. 2.3k16.4M48](/packages/lab404-laravel-impersonate)[santigarcor/laratrust This package provides a flexible way to add Role-based Permissions to Laravel 2.3k5.4M42](/packages/santigarcor-laratrust)[overtrue/laravel-follow User follow unfollow system for Laravel. 1.2k404.7k5](/packages/overtrue-laravel-follow)[codegreencreative/laravel-samlidp Make your PHP Laravel application an Identification Provider using SAML 2.0. This package allows you to implement your own Identification Provider (idP) using the SAML 2.0 standard to be used with supporting SAML 2.0 Service Providers (SP). 263763.5k1](/packages/codegreencreative-laravel-samlidp) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)