This again has been a very handy bundle for me,

The way it works is by giving priority to uris(or routes).

NOTE: The logic for extracting roles out of user comes from a closure regitered in IoC in start.php. The default logic is:

IoC::register('bouncer: roles_extractor', function () {
	return function ($user) {
		return array_map(function ($r) { return $r->name; }, $user->roles);
	};
});

In config/rules.php, you define an array of uri-heads with the roles required for them example:

return array(
	'admin/acl/users/new' => array('superadmin'),
	'admin/acl/users/create' => array('superadmin'),
	'admin/acl/users/destroy' => array('superadmin'),
	'admin'       => array('admin', 'superadmin')
);

the Bouncer finds the best matched uri-head for the current uri and checks if current user is allowed to access that uri or not.

If a user doesn't have appropriate roles, it either shows a 403 forbidden page or (the view for the page is in bouncer/views/blocked.blade.php), or it throws a json-response with data ['error' => 'forbidden'] and header 403 based on whether the current uri is an api call or not (which works )

You can easily attach it to the before filter of the routes and be done with it like this:

Route::filter('before', function()
{
	if($user = Auth::user())
	{
		$result = Bouncer::investigate($user)->allow_or_block_on(URI::current());
		if($result !== true) return $result;
	}
	else
	{
		//do whatever
	}
});

This bundle plays really well with my gatekeeper bundle like this:

Route::filter('before', function()
{
	$result = Gatekeeper::inspect(URI::current())->result();
	if($result !== true) return $result;

	if($user = Auth::user())
	{
		$result = Bouncer::investigate($user)->allow_or_block_on(URI::current());
		if($result !== true) return $result;
	}
});