[5.7] Allow Gate::after() callbacks to provide a result

[JosephSilber]

For example, imagine we wanted to grant admins every ability. But locked posts can't be edited by anyone, even an admin. They have to first be unlocked (this is just a trivial example).

Registering a general before callback (with Gate::before()), there's no way to accomplish this. Instead, we can do it via an after callback:

Gate::after(function ($user) {
    if ($user->isAdmin()) {
        return true;
    }
});

With this in place, any ability that was not granted by a policy et al will be granted here for admins, while still being able to explicitly return false from any policy method to disallow it for everyone (of course, the user would have to be careful to generally not return false from policies. Only when they want to deny everyone explicitly).

---

My main motivation for this is for use in Bouncer, where we currently run all of our DB permission checks in a before callback. This works great, but means that policies no longer work, because the call is intercepted by Bouncer in many cases.

Instead, we would love to be able to register our logic as an after callback. This way, the policies can all run and do their thing. If any of them return a non-null result, that would be used. Otherwise, Bouncer will run its checks.

You can read more about our need for this in this discussion: JosephSilber/bouncer#264, specifically this comment.

[drbyte]

@JosephSilber am I correct in observing that the Laravel Docs for 5.7 need updating to reflect this change to Gate::after?
Or am I mis-reading the change here?
https://laravel.com/docs/5.7/authorization#intercepting-gate-checks

[JosephSilber]

Good catch. That has to be changed now.