[10.x] Can set custom Response for denial within Gate@inspect() (#47436)

* can set denial response on Gate

* fix docblocks for __construct

* formatting

* Update Gate.php

---------

Co-authored-by: Taylor Otwell <[email protected]>

Author: cosmastech

src/Illuminate/Auth/Access/Gate.php

@@ -68,6 +68,13 @@ class Gate implements GateContract
      */
     protected $stringCallbacks = [];
 
+    /**
+     * The default denial response for gates and policies.
+     *
+     * @var Illuminate\Auth\Access\Response|null
+     */
+    protected $defaultDenialResponse;
+
     /**
      * The callback to be used to guess policy names.
      *
@@ -87,9 +94,13 @@ class Gate implements GateContract
      * @param  callable|null  $guessPolicyNamesUsingCallback
      * @return void
      */
-    public function __construct(Container $container, callable $userResolver, array $abilities = [],
-                                array $policies = [], array $beforeCallbacks = [], array $afterCallbacks = [],
-                                callable $guessPolicyNamesUsingCallback = null)
+    public function __construct(Container $container,
+        callable $userResolver,
+        array $abilities = [],
+        array $policies = [],
+        array $beforeCallbacks = [],
+        array $afterCallbacks = [],
+        callable $guessPolicyNamesUsingCallback = null)
     {
         $this->policies = $policies;
         $this->container = $container;
@@ -398,7 +409,9 @@ public function inspect($ability, $arguments = [])
                 return $result;
             }
 
-            return $result ? Response::allow() : Response::deny();
+            return $result
+                ? Response::allow()
+                : ($this->defaultDenialResponse ?? Response::deny());
         } catch (AuthorizationException $e) {
             return $e->toResponse();
         }
@@ -857,6 +870,19 @@ public function policies()
         return $this->policies;
     }
 
+    /**
+     * Set the default denial response for gates and policies.
+     *
+     * @param  \Illuminate\Auth\Access\Response  $response
+     * @return $this
+     */
+    public function defaultDenialResponse(Response $response)
+    {
+        $this->defaultDenialResponse = $response;
+
+        return $this;
+    }
+
     /**
      * Set the container instance used by the gate.
      *

tests/Auth/AuthAccessGateTest.php

@@ -1109,6 +1109,42 @@ public function testClassesCanBeDefinedAsCallbacksUsingAtNotationForGuests()
 
         $this->assertFalse($gate->check('absent_invokable'));
     }
+
+    public function testCanSetDenialResponseInConstructor()
+    {
+        $gate = new Gate(container: new Container, userResolver: function () {
+            //
+        });
+
+        $gate->defaultDenialResponse(Response::denyWithStatus(999, 'my_message', 'abc'));
+
+        $gate->define('foo', function() { return false; });
+
+        $response = $gate->inspect('foo', new AccessGateTestDummy);
+
+        $this->assertTrue($response->denied());
+        $this->assertFalse($response->allowed());
+        $this->assertSame('my_message', $response->message());
+        $this->assertSame('abc', $response->code());
+        $this->assertSame(999, $response->status());
+    }
+
+    public function testCanSetDenialResponse()
+    {
+        $gate = new Gate(container: new Container, userResolver: function () {
+            //
+        });
+
+        $gate->define('foo', function() { return false; });
+        $gate->defaultDenialResponse(Response::denyWithStatus(404, 'not_found', 'xyz'));
+
+        $response = $gate->inspect('foo', new AccessGateTestDummy);
+        $this->assertTrue($response->denied());
+        $this->assertFalse($response->allowed());
+        $this->assertSame('not_found', $response->message());
+        $this->assertSame('xyz', $response->code());
+        $this->assertSame(404, $response->status());
+    }
 }
 
 class AccessGateTestClassForGuest