Option for custom logic for checking permissions (spatie#1891)

* option for custom logic for checking permissions added

* tests

* docs for Custom Permission Check added

Author: ulhaq

config/permission.php

@@ -96,6 +96,13 @@
         'team_foreign_key' => 'team_id',
     ],
 
+    /*
+     * When set to true, the method for checking permissions will be registered on the gate.
+     * Set this to false, if you want to implement custom logic for checking permissions.
+     */
+
+    'register_permission_check_method' => true,
+
     /*
      * When set to true the package implements teams using the 'team_foreign_key'. If you want
      * the migrations to register the 'team_foreign_key', you must set this to true

docs/advanced-usage/custom-permission-check.md

@@ -0,0 +1,29 @@
+---
+title: Custom Permission Check
+weight: 6
+---
+
+By default, a method is registered on [Laravel's gate](https://laravel.com/docs/authorization). This method is responsible for checking if the user has the required permission or not. Whether a user has a permission or not is determined by checking the user's permissions stored in the database.
+
+However, in some cases, you might want to implement custom logic for checking if the user has a permission or not.
+
+Let's say that your application uses access tokens for authentication and when issuing the tokens, you add a custom claim containing all the permissions the user has. In this case, if you want to check whether the user has the required permission or not based on the permissions in your custom claim in the access token, then you need to implement your own logic for handling this.
+
+You could, for example, create a `before` method to handle this:
+
+**app/Providers/AuthServiceProvider.php**
+```php
+public function boot()
+{
+    ...
+
+    Gate::before(function ($user, $ability) {
+        return $user->hasTokenPermission($ability) ?: null;
+    });
+}
+```
+Here `hasTokenPermission` is a custom method you need to implement yourself.
+
+### Register Permission Check Method
+By default, `register_permission_check_method` is set to `true`.
+Only set this to false if you want to implement custom logic for checking permissions.

docs/advanced-usage/other.md

@@ -1,6 +1,6 @@
 ---
 title: Other
-weight: 8
+weight: 9
 ---
 
 Schema Diagram:

docs/advanced-usage/phpstorm.md

@@ -1,6 +1,6 @@
 ---
 title: PhpStorm Interaction
-weight: 7
+weight: 8
 ---
 
 # Extending PhpStorm 

docs/advanced-usage/timestamps.md

@@ -1,6 +1,6 @@
 ---
 title: Timestamps
-weight: 8
+weight: 10
 ---
 
 ### Excluding Timestamps from JSON

docs/advanced-usage/ui-options.md

@@ -1,6 +1,6 @@
 ---
 title: UI Options
-weight: 10
+weight: 11
 ---
 
 ## Need a UI?

docs/advanced-usage/uuid.md

@@ -1,6 +1,6 @@
 ---
 title: UUID
-weight: 6
+weight: 7
 ---
 
 If you're using UUIDs or GUIDs for your User models there are a few considerations to note.

src/PermissionServiceProvider.php

@@ -22,8 +22,10 @@ public function boot(PermissionRegistrar $permissionLoader)
 
         $this->registerModelBindings();
 
-        $permissionLoader->clearClassPermissions();
-        $permissionLoader->registerPermissions();
+        if ($this->app->config['permission.register_permission_check_method']) {
+            $permissionLoader->clearClassPermissions();
+            $permissionLoader->registerPermissions();
+        }
 
         $this->app->singleton(PermissionRegistrar::class, function ($app) use ($permissionLoader) {
             return $permissionLoader;

tests/CustomGateTest.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Spatie\Permission\Test;
+
+use Illuminate\Contracts\Auth\Access\Gate;
+
+class CustomGateTest extends TestCase
+{
+    protected function getEnvironmentSetUp($app)
+    {
+        parent::getEnvironmentSetUp($app);
+
+        $app['config']->set('permission.register_permission_check_method', false);
+    }
+
+    /** @test */
+    public function it_doesnt_register_the_method_for_checking_permissions_on_the_gate()
+    {
+        $this->testUser->givePermissionTo('edit-articles');
+
+        $this->assertEmpty(app(Gate::class)->abilities());
+        $this->assertFalse($this->testUser->can('edit-articles'));
+    }
+
+    /** @test */
+    public function it_can_authorize_using_custom_method_for_checking_permissions()
+    {
+        app(Gate::class)->define('edit-articles', function () {
+            return true;
+        });
+
+        $this->assertArrayHasKey('edit-articles', app(Gate::class)->abilities());
+        $this->assertTrue($this->testUser->can('edit-articles'));
+    }
+}

tests/TestCase.php

@@ -79,6 +79,7 @@ protected function getPackageProviders($app)
      */
     protected function getEnvironmentSetUp($app)
     {
+        $app['config']->set('permission.register_permission_check_method', true);
         $app['config']->set('permission.teams', $this->hasTeams);
         $app['config']->set('permission.testing', true); //fix sqlite
         $app['config']->set('permission.column_names.model_morph_key', 'model_test_id');