MoonShine provides several mechanisms to handle authorization and access control in Laravel applications:
Authentication
- MoonShine has a built-in authentication system that is enabled by default. It can be disabled in the `config/moonshine.php` file if needed[1].
- You can override the authentication middleware, guard, user model, and login/profile pages in the configuration[1].
- MoonShine allows adding custom logic to the authentication process using pipelines specified in the configuration[1].
Authorization
- MoonShine leverages Laravel's policy system for authorization. Each resource controller method is checked for permissions[2].
- To enable authorization, you need to set the `withPolicy` property to `true` in your resource class[2].
- You can generate a policy using the `moonshine:policy` artisan command. It provides methods for various CRUD operations[2].
- Additional authorization logic can be added in the `AuthServiceProvider` using the `defineAuthorization` method[2].
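
A policy of the kind described above, as an added example that is not taken from the MoonShine documentation or from this page's sources. The `Post` model, its `author_id` column, the `moonshine_user_role_id` attribute, the admin role id and the `MoonshineUser` namespace are assumptions; adjust them to your application and MoonShine version.

```php
<?php
// Added example. Post, author_id, moonshine_user_role_id and ADMIN_ROLE_ID are assumptions.
namespace App\Policies;

use App\Models\Post;                 // hypothetical model managed by a MoonShine resource
use MoonShine\Models\MoonshineUser;  // namespace assumed; it differs between MoonShine versions

class PostPolicy
{
    private const ADMIN_ROLE_ID = 1; // assumed id of the admin role

    // Laravel calls before() ahead of any ability: true allows, null defers to the method.
    public function before(MoonshineUser $user, string $ability): ?bool
    {
        return (int) $user->moonshine_user_role_id === self::ADMIN_ROLE_ID ? true : null;
    }

    // Reading and creating are open to every authenticated panel user.
    public function viewAny(MoonshineUser $user): bool { return true; }
    public function view(MoonshineUser $user, Post $item): bool { return true; }
    public function create(MoonshineUser $user): bool { return true; }

    // Writes are limited to the record's author.
    public function update(MoonshineUser $user, Post $item): bool { return $this->owns($user, $item); }
    public function delete(MoonshineUser $user, Post $item): bool { return $this->owns($user, $item); }

    // Bulk and irreversible operations are denied to non-admins.
    public function massDelete(MoonshineUser $user): bool { return false; }
    public function restore(MoonshineUser $user, Post $item): bool { return false; }
    public function forceDelete(MoonshineUser $user, Post $item): bool { return false; }

    private function owns(MoonshineUser $user, Post $item): bool
    {
        // Cast both sides: database drivers may return ids as strings.
        return (int) $item->author_id === (int) $user->getKey();
    }
}

// In the resource class for Post, the policy is only consulted when:
//     protected bool $withPolicy = true;
```

Leaving `withPolicy` at its default means none of these methods run, so a test that logs in as a non-admin user and attempts an update on another author's record is a quick check that the policy is actually wired in.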
User Permissions
- The Moonshine Database Manager package, which extends MoonShine for database management, relies on the Laravel Gate system for authentication[3].
- You need to enable the `auth` option in the `moonshine-database.php` configuration and implement your own authorization logic in the `AuthServiceProvider`[3].
Access Control
- Laravel provides built-in functionality for enforcing access control, such as middleware filtering and authorization policies[4].
- Middleware can be used to restrict access to certain routes based on authentication and authorization checks[4].
- Authorization policies are classes that define rules to determine if a user can perform an action on a resource[4].
By leveraging Laravel's authentication and authorization features, along with the additional mechanisms provided by MoonShine, you can effectively handle authorization and access control in your Laravel applications built with MoonShine.
Citations:
[1] https://moonshine-laravel.com/docs/resource/advanced/advanced-authentication
[2] https://moonshine-laravel.com/docs/resource/advanced/advanced-authorization
[3] https://github.com/SWEET1S/moonshine-database
[4] https://pentest-tools.com/blog/laravel-application-security-guide
[5] https://github.com/natthasath/demo-laravel-moonshine
[6] https://laravel-news.com/moonshine-laravel-admin-panel
[7] https://moonshine-laravel.com
[8] https://www.cloudflare.com/learning/access-management/what-is-access-control/