# Authorization

Lodata supports authorization via Laravel gates.

Each API request will be checked via an ability named `lodata`. The gate will receive the standard `$user` argument, and a `Flat3\Lodata\Helper\Gate` object.

This object contains the type of request being made, the Lodata object it is being made against, the Lodata Transaction and, in the case of an operation, the arguments array.

TIP

When working with Lodata requests you should always get request information via the Transaction object, in case it's a batch request that has its own context.

This should be all the information needed for a gate policy to decide whether to allow the request.

At install time, Lodata runs in a readonly mode. Change the value of the `readonly` property in `config/lodata.php` to enable data modification operations.

This example shows how you could allow access to the Users entity set only if the user is an administrator.

```php
<?php

namespace App\Providers;

use App\Models\User; // assumed location of the application's user model
use Flat3\Lodata\EntitySet;
use Flat3\Lodata\Helper\Gate as LodataGate;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class LodataServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        Gate::define('lodata', function (User $user, LodataGate $gate) {
            $resource = $gate->getResource();

            // Requests against anything other than an entity set are allowed.
            if (!$resource instanceof EntitySet) {
                return true;
            }

            // Only administrators may access the Users entity set.
            if ($resource->getIdentifier()->getName() === 'Users' && !$user->isAdministrator()) {
                return false;
            }

            // Every other entity set is allowed.
            return true;
        });
    }
}
```
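The gate above allows everything except the one entity set it names. A deny-by-default variant is shown here as an added example (not part of the Lodata documentation); it uses only the calls shown above, and the entity set names in `PUBLIC_ENTITY_SETS` and the `App\Models\User` location are assumptions.

```php
<?php

namespace App\Providers;

use App\Models\User; // assumption: location of the application's user model
use Flat3\Lodata\EntitySet;
use Flat3\Lodata\Helper\Gate as LodataGate;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class LodataServiceProvider extends ServiceProvider
{
    // Hypothetical entity set names that non-administrators may reach.
    private const PUBLIC_ENTITY_SETS = ['Flights', 'Airports'];

    public function boot()
    {
        Gate::define('lodata', function (User $user, LodataGate $gate) {
            // Administrators may reach every resource.
            if ($user->isAdministrator()) {
                return true;
            }

            $resource = $gate->getResource();

            // Anything that is not an entity set (such as an operation) is
            // denied for non-administrators instead of allowed by default.
            if (!$resource instanceof EntitySet) {
                return false;
            }

            // Strict comparison against the allowlist: an entity set added
            // later stays closed until it is listed here explicitly.
            return in_array(
                $resource->getIdentifier()->getName(),
                self::PUBLIC_ENTITY_SETS,
                true
            );
        });
    }
}
```

With this shape, forgetting to update the gate after adding a new entity set results in a denied request rather than exposed data.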