Authorization

Authorization

• Introduction
• Gates
  • Writing Gates
  • Authorizing Actions
• Creating Policies
  • Generating Policies
  • Registering Policies
• Writing Policies
  • Policy Methods
  • Methods Without Models
  • Policy Filters
• Authorizing Actions Using Policies
  • Via The User Model
  • Via Middleware
  • Via Controller Helpers
  • Via Blade Templates

Introduction

In addition to providing authentication services out of the box, Laravel also provides a simple way to authorize user actions against a given resource. Like authentication, Laravel's approach to authorization is simple, and there are two primary ways of authorizing actions: gates and policies.

Think of gates and policies like routes and controllers. Gates provide a simple, Closure based approach to authorization while policies, like controllers, group their logic around a particular model or resource. We'll explore gates first and then examine policies.

It is important to not view gates and policies as mutually exclusive for your application. Most applications will most likely contain a mixture of gates and policies, and that is perfectly fine! Gates are most applicable to actions which are not related to any model or resource, such as viewing an administrator dashboard. In contrast, policies should be used when you wish to authorize an action for a particular model or resource.

Gates