Laravel 10.14 Released
This week, the Laravel team released v10.14 with a new can validation rule, define custom Gate denial response, global HTTP client middleware, HTTP client convenience methods, and more:
Recently merged into Laravel, the Rule::can validation rule, allowing you to authorize an ability on form inputs! 🤩 This allows you to move some authorization logic from the controller and into the form request -- and display a validation error, rather than handling it yourself. pic.twitter.com/UvC52Q8WZa
— Steve Bauman (@ste_bau) June 22, 2023
The can validation rule
Steve Bauman contributed the Rule::can() validation rule, which provides a way to authorize an ability for a given form field. Here's the example given in Pull Request #47371. Given the following PostPolicy:
// Given the following policy
class PostPolicy
{
// ...
public function updateAuthor(User $user, Post $post)
{
return $user->isAdmin();
}
}
We can validate that the user has the ability to update the author:
use App\Models\Post;
class PostRequest extends FormRequest
{
public function rules()
{
return [
'author' => Rule::can('update-author', Post::class, $this->route('post')),
'title' => '...',
'body' => '...',
];
}
}
Set a custom response for denial within Gate@inspect()
Luke Kuzmish contributed the ability to set a response returned when a Gate's inspect() method fails. For example, when using in conjunction with the can() middleware:
class AppServiceProvider extends ServiceProvider
{
public function boot()
{
Gate::setDenialResponse(Response::denyAsNotFound());
}
}
Global HTTP middleware
Tim MacDonald contributed the ability to define global HTTP client middleware that is applied to every request made with the HTTP client:
// In a service provider...
use Illuminate\Support\Facades\Http;
// Global request middleware
Http::globalRequestMiddleware(
fn ($request) => $request->withHeader('User-Agent', 'Laravel Framework/1.0')
);
// Global response middleware
Http::globalResponseMiddleware(
fn ($response) => $response->withHeader('X-Finished-At', now()->toDateTimeString())
);
// Complete global middleware that wraps both request and response
Http::globalMiddleware(function ($handler) {
return function ($request, $options) use ($handler) {
$startedAt = now();
return $handler($request, $options)
->then(fn ($response) => $response->withHeader(
'X-Duration', $startedAt->diffInMilliseconds(now())
));
};
});
You can also define one-time middlware—check out all the details in Pull Request #47525 to see what's possible!
Add a withHeader() method to PendingRequest
Ralph J. Smit contributed a withHeader method to set a singular header when using the HTTP client:
// Using an array
Http::baseUrl(config('services.active-campaign.endpoint') . '/api/3')
->withHeaders([
'Api-Token' => config('services.active-campaign.token')
])
->acceptJson();
// Setting a single header using `withHeader()`
Http::baseUrl(config('services.active-campaign.endpoint') . '/api/3')
->withHeader('Api-Token', config('services.active-campaign.token'))
->acceptJson();
Add withQueryParameters convenience method to the HTTP client
Matthieu Napoli contributed a withQueryParameters() method as a convenience for defining query parameters that should always be defined on an HTTP request:
// Using `withOptions()`
Http::baseUrl('https://api.convertkit.com/v3/')
->withOptions([
'query' => [
'api_secret' => config('services.convertkit.api_secret'),
],
])
->acceptJson();
// Using the new `withQueryParameters()` method
Http::baseUrl('https://api.convertkit.com/v3/')
->withQueryParameters([
'api_secret' => config('services.convertkit.api_secret'),
])
->acceptJson();
Release Notes
You can see the complete list of new features and updates below and the diff between 10.13.0 and 10.14.0 on GitHub. The following release notes are directly from the changelog: