Community News:
Laravel 5 Now Includes Authorization
Sep 01, 2015 @ 15:50:41

In the latest release of the Laravel framework (v5.1.1) they've introduced authorization handling to the native framework. This allows you to integrate permissions checks and perform policy validation both on the backend and in the templates.

In addition to providing authentication services out of the box, Laravel also provides a simple way to organize authorization logic and control access to resources. There are a variety of methods and helpers to assist you in organizing your authorization logic.

The functionality includes the concept of "abilities" (permissions, essentially) and validates the allow/deny status based on object properties, such as Users. The documentation shows how to perform the evaluations in the controllers, user model, form requests and even in the Blade templates. There's also a section on creating policies for more complex evaluations than just one-off permission checks.

To get a feel for what the community thinks of this new functionality, be sure to check out this Reddit thread with feedback, both positive and negative, on how it was implemented.

tagged: laravel framework authorization functionality permission policy allow deny

Link: http://laravel.com/docs/5.1/authorization

Johannes Schmitt's Blog:
A New Killer Feature for Symfony2 Security
Oct 31, 2011 @ 19:26:08

Johannes Schmitt has a new post about a "killer feature" he's added to the security for the Symfony2 framework (as a bundle) - a new customized expression-based query language that's compiled down to native PHP to make permissions checking simpler and faster.

If you have used the Symfony2 Security Component to any modest degree, you will know that we have a quite heavy voting system which uses attributes like "IS_AUTHENTICATED_FULLY" to make authorization decisions. [...] If you are concerned about performance, then you should not be all too generous with the isGranted() calls. The second option would work as well, but writing a new voter each time you need to make a new check does not really seem ideal either. Fortunately, we can do better.

He includes an example of this expression language in a direct isGranted() call, a string that checks to see if a user has three different roles, and a snippet showing the same thing in the docblock comment of a controller method. The second is a bit more complex, checking for an admin role or if the user is the one that should be deleted. You can find more documentation here.

tagged: symfony2 framework security bundle expression language allow deny

Edin Kadribasic's Blog:
Serendipity on Lighty
Apr 21, 2007 @ 14:42:42

In a new post Edin Kadribasic shares his method for getting a Serendipity (a popular PHP-based blogging system) website up and running on a lighttpd server.

Well the basic install went pretty smoothly, but I wanted, of course, to use "friendly" URLs. For that Serendipity supplies .htaccess file with Apache mod_rewrite rules. With a little bit of effort it was possible for me to convert those into rewrite rules that lighttpd would understand.

He includes all of the rewrite rules lighttpd needs to mimic the responses of an Apache server in a rewrite-once statement, and a limitation on the files the server can send with an access-deny config line.

tagged: serendipity lighttpd install setup rewrite deny access
