Weave Code
Assertion Voter Bundle Laravel Package
appsco/assertion-voter-bundle
Assertion Voter Bundle
Frequently asked questions about Assertion Voter Bundle
- Can I use this bundle directly in Laravel, or is it only for Symfony?
- This bundle is originally designed for Symfony 2.x, but you can adapt it for Laravel by replacing Symfony’s dependency injection with Laravel’s service container and using Laravel’s Eloquent or Query Builder instead of Doctrine ORM/DBAL. The core logic (assertions and voters) can be ported with minimal effort.
- What Laravel versions does this bundle support?
- The bundle itself was last updated for Symfony 2.x (2014), so it doesn’t natively support Laravel 10+. However, you can fork and refactor it to work with modern Laravel by replacing deprecated Symfony components (e.g., EventDispatcher with Laravel’s Events system) and updating dependencies.
- How do I configure custom assertion rules in Laravel?
- You’d need to create a custom `DecisionMaker` class implementing the bundle’s interface and bind it to Laravel’s service container. Then, configure it in `config/assertion-voter.php` (after porting the Symfony config). Rules can be defined as closures or methods, similar to Laravel’s Gates.
- Is this bundle better than Laravel’s built-in Gates or Policies?
- This bundle excels for complex, assertion-based authorization (e.g., dynamic claims like `department=finance`). Laravel’s Gates/Policies are simpler for coarse-grained RBAC. If you need fine-grained, context-aware rules, this bundle (or a refactored version) could be worth the effort.
- Can I use Eloquent models instead of Doctrine ORM for VoterRecord?
- Yes. Replace the Doctrine `VoterRecord` entity with an Eloquent model and update the `voter_record_provider` in config to point to a custom provider wrapping Eloquent queries. The bundle’s `VoterRecordProviderInterface` can be implemented to work with Laravel’s ORM.
- What’s the performance impact of using this bundle in a high-traffic Laravel app?
- Performance depends on your `VoterRecordProvider` implementation. For large datasets, optimize queries (e.g., caching resolved roles in Redis) or use DBAL for raw SQL. Benchmark with your expected scale—10K assertions should be manageable, but 1M may require caching or async resolution.
- How do I integrate this with Laravel’s authentication (e.g., Sanctum, Passport)?
- Extend the bundle’s `RoleResolver` to fetch assertions from your auth system (e.g., Sanctum’s user payload or Passport’s OAuth2 scopes). Bind the resolver to Laravel’s container and configure it in `assertion-voter.php`. Assertions can mirror your auth claims or roles.
- Are there alternatives to this bundle for Laravel?
- For simple RBAC, use Laravel’s native Gates or Policies. For role-based systems, Spatie’s `laravel-permission` is a drop-in solution. If you need assertion-heavy logic (e.g., JWT claims), consider custom middleware or a lightweight package like `spatie/laravel-activitylog` for auditing.
- How do I test this bundle in Laravel?
- Write unit tests for custom providers/decision makers using Laravel’s testing helpers (e.g., `actingAs`). Mock the `VoterRecordProvider` and `RoleResolver` to isolate logic. For integration tests, use Pest or PHPUnit to verify assertions resolve correctly in controllers/middleware.
- What’s the migration path to use this in Laravel without forking?
- Start by wrapping the bundle in a Laravel package (e.g., `laravel-assertion-voter`) with adapters for Laravel’s container, Events, and Eloquent. Phase 1: Replace Symfony DI with Laravel bindings. Phase 2: Swap Doctrine ORM for Eloquent. Phase 3: Add Laravel-specific config publishing and caching support.
Weaver
How can I help you explore Laravel packages today?