Laravel Gates and Policies

Gates and Policies let you define authorization rules (who may do what) in a clean, reusable way. A gate is a closure keyed by an ability name and is handy for actions that are not tied to one model; a policy is a class that groups the rules for a single model. Both are evaluated against the currently authenticated user, and an authorization check is only as strong as the place it is enforced: a check in a view hides a link, a check in the controller or route actually stops the request.

1 - Defining Gates

// In a service provider's boot() method, e.g. app/Providers/AppServiceProvider.php
use App\Models\Post;
use App\Models\User;
use Illuminate\Support\Facades\Gate;

// The closure receives the authenticated user first, then whatever arguments
// are passed to the check. Strict comparison avoids loose-typing surprises.
Gate::define('edit-post', function (User $user, Post $post) {
    return $user->id === $post->user_id;
});

// Using a gate: allows() / denies() return a bool and never throw
if (Gate::allows('edit-post', $post)) {
    // Can edit
}

// authorize() throws Illuminate\Auth\Access\AuthorizationException,
// which the exception handler renders as a 403 response
Gate::authorize('edit-post', $post);
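Two details the snippet above does not show are worth seeing in full: gates return false for guests without running the closure unless the user parameter is declared nullable, and a gate may return an Illuminate\Auth\Access\Response instead of a bool so that Gate::authorize() and Gate::inspect() can carry a reason (or a different status code) back to the caller. The following service provider is an added example and not code from the original page; the `published` attribute on Post and the App\Models namespace are assumptions.

```php
<?php
// app/Providers/AppServiceProvider.php (added example, not the page's original code;
// App\Models\Post, App\Models\User and the `published` column are assumptions)

namespace App\Providers;

use App\Models\Post;
use App\Models\User;
use Illuminate\Auth\Access\Response;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Ownership check. Because the User type hint is NOT nullable, Laravel
        // resolves this gate to "deny" for unauthenticated requests without
        // ever invoking the closure, so $user can never be null here.
        Gate::define('edit-post', function (User $user, Post $post): bool {
            return $user->id === $post->user_id;
        });

        // A gate that guests are allowed to evaluate: the nullable type hint
        // opts in. Published posts are public; drafts are visible only to
        // their author, so the null case must be handled explicitly.
        Gate::define('view-post', function (?User $user, Post $post): bool {
            if ($post->published) {
                return true;
            }

            return $user !== null && $user->id === $post->user_id;
        });

        // Returning a Response instead of a bool attaches a message.
        // Gate::authorize('delete-post', $post) still throws on deny, but the
        // 403 now carries the message; Gate::inspect('delete-post', $post)
        // returns the Response itself (->allowed(), ->denied(), ->message())
        // without throwing, which is useful for logging denied attempts.
        Gate::define('delete-post', function (User $user, Post $post): Response {
            return $user->id === $post->user_id
                ? Response::allow()
                : Response::deny('Only the author may delete this post.');
        });
    }
}
```

To run a check as someone other than the current user (a queued job, an admin impersonation screen), use `Gate::forUser($user)->allows('edit-post', $post)`; the default `Gate::allows()` silently uses whoever `Auth::user()` returns, which in a job or console command is nobody.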

2 - Creating a Policy

php artisan make:policy PostPolicy --model=Post

// app/Policies/PostPolicy.php, generated by the command above. Laravel discovers
// App\Policies\PostPolicy for App\Models\Post automatically; for a non-standard
// location register it explicitly with Gate::policy(Post::class, PostPolicy::class).
namespace App\Policies;

use App\Models\Post;
use App\Models\User;

class PostPolicy
{
    // Method names are the ability names: authorize('update', $post) calls update()
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }

    // isAdmin() is an application-defined method on User, not part of Laravel
    public function delete(User $user, Post $post): bool
    {
        return $user->id === $post->user_id || $user->isAdmin();
    }
}
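The policy above repeats the admin override inside each method, which is easy to forget when a new ability is added. Laravel policies support a `before()` hook that runs ahead of every other method: returning true or false decides immediately, returning null falls through to the named method. The policy below is an added example, not the page's or Laravel's own code; it assumes the same `isAdmin()` helper the page uses, a `published` attribute on Post, and the default User base class (which provides `hasVerifiedEmail()`).

```php
<?php
// app/Policies/PostPolicy.php (added example, not the page's original code;
// User::isAdmin() and Post::$published are assumptions)

namespace App\Policies;

use App\Models\Post;
use App\Models\User;
use Illuminate\Auth\Access\Response;

class PostPolicy
{
    /**
     * Runs before every other policy method for this model.
     * Keep it an allow-list only: returning false here would lock out
     * everyone, including owners, regardless of the methods below.
     * Note: before() is skipped for guests unless $user is nullable.
     */
    public function before(User $user, string $ability): ?bool
    {
        return $user->isAdmin() ? true : null;
    }

    // Listing posts is public. Nullable $user lets guests reach this method
    // instead of being denied up front.
    public function viewAny(?User $user): bool
    {
        return true;
    }

    // Drafts are author-only; the null (guest) case is handled explicitly.
    public function view(?User $user, Post $post): bool
    {
        return $post->published
            || ($user !== null && $user->id === $post->user_id);
    }

    public function create(User $user): bool
    {
        return $user->hasVerifiedEmail();
    }

    // A Response carries a message into the 403 that authorize() raises.
    public function update(User $user, Post $post): Response
    {
        return $user->id === $post->user_id
            ? Response::allow()
            : Response::deny('You do not own this post.');
    }

    // Do not confirm that another user's post exists: answer 404, not 403.
    public function delete(User $user, Post $post): Response
    {
        return $user->id === $post->user_id
            ? Response::allow()
            : Response::denyAsNotFound();
    }
}
```

Abilities with no model instance (`viewAny`, `create`) are checked by class name, e.g. `$this->authorize('create', Post::class)`; Laravel uses the class to locate the policy.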

3 - Using Policies

In a controller, $this->authorize() resolves the policy from the model's class and throws an AuthorizationException (rendered as 403) when the policy method does not allow the action. The method comes from the Illuminate\Foundation\Auth\Access\AuthorizesRequests trait; the Laravel 11 application skeleton's base Controller no longer uses that trait, so add it to your controller yourself (or call Gate::authorize('update', $post) instead).

use App\Models\Post;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;

class PostController
{
    use AuthorizesRequests; // provides $this->authorize()

    public function update(Request $request, Post $post)
    {
        $this->authorize('update', $post); // 403 unless PostPolicy::update allows it
        // ...
    }
}

// In Blade
{{-- @can / @cannot evaluate the policy for the logged-in user and only control what is rendered --}}
@can('update', $post)
    <a href="{{ route('posts.edit', $post) }}">Edit</a>
@endcan

@cannot('delete', $post)
    <span>You cannot delete this post.</span>
@endcannot

Hiding the Edit link is a usability nicety, not a security control: anyone can still send the PUT request by hand, so the controller (or route) check is the one that must be present. Treat @can as a way to avoid showing actions that would fail, never as the only place an ability is enforced.
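Putting the pieces together, the example below wires the policy into a controller, adds a route-level check that runs before the controller method is even reached, and verifies the behaviour with a feature test that asserts a non-owner receives 403. It is an added example and not code from the original page or from Laravel itself; the route names `posts.show` and `posts.index`, the User and Post model factories, a `user` belongsTo relation on Post, and the `title` column are assumptions. The three files are combined with bracketed namespaces so the whole thing is one valid PHP file, with the intended path for each part in a comment.

```php
<?php
// Added example, not the page's original code. Three files are shown, each
// marked with its intended path; route names, factories, the Post->user
// relation and the `title` column are assumptions.

// ---- app/Http/Controllers/PostController.php ----
namespace App\Http\Controllers {
    use App\Models\Post;
    use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
    use Illuminate\Http\RedirectResponse;
    use Illuminate\Http\Request;

    class PostController
    {
        // Required for $this->authorize() on the Laravel 11 skeleton.
        use AuthorizesRequests;

        public function update(Request $request, Post $post): RedirectResponse
        {
            // Authorize BEFORE touching input or state. Throws AuthorizationException
            // (rendered as 403, with the policy's message) unless PostPolicy::update allows it.
            $this->authorize('update', $post);

            $post->update($request->validate([
                'title' => ['required', 'string', 'max:255'],
            ]));

            return redirect()->route('posts.show', $post);
        }

        public function destroy(Post $post): RedirectResponse
        {
            $this->authorize('delete', $post); // PostPolicy::delete
            $post->delete();

            return redirect()->route('posts.index');
        }
    }
}

// ---- routes/web.php ----
namespace {
    use App\Http\Controllers\PostController;
    use Illuminate\Support\Facades\Route;

    // The `can` middleware resolves the route-model-bound {post} and calls
    // PostPolicy::update before the controller runs. Keeping this at the route
    // layer means a controller method that forgets authorize() is still covered.
    Route::put('/posts/{post}', [PostController::class, 'update'])
        ->middleware('auth')
        ->can('update', 'post')
        ->name('posts.update');
}

// ---- tests/Feature/PostAuthorizationTest.php ----
namespace Tests\Feature {
    use App\Models\Post;
    use App\Models\User;
    use Illuminate\Foundation\Testing\RefreshDatabase;
    use Tests\TestCase;

    class PostAuthorizationTest extends TestCase
    {
        use RefreshDatabase;

        public function test_non_owner_cannot_update_post(): void
        {
            $owner = User::factory()->create();
            $intruder = User::factory()->create();
            $post = Post::factory()->for($owner)->create(); // assumes Post->user()

            // Hitting the endpoint as the intruder must yield 403, not a silent edit.
            $this->actingAs($intruder)
                ->put(route('posts.update', $post), ['title' => 'hijacked'])
                ->assertForbidden();

            // Same rule checked directly through the policy.
            $this->assertFalse($intruder->can('update', $post));
            $this->assertTrue($owner->can('update', $post));
        }

        public function test_guest_is_redirected_not_served(): void
        {
            $post = Post::factory()->create();

            // The auth middleware turns an anonymous PUT into a redirect to login.
            $this->put(route('posts.update', $post), ['title' => 'x'])
                ->assertRedirect();
        }
    }
}
```

The controller and route checks are deliberately redundant: authorization belongs as close to the protected operation as possible, and the route-level `can` is a cheap backstop that catches the controller method someone adds later without a check. Run the test with `php artisan test --filter=PostAuthorizationTest`; a regression that drops either check will fail the first assertion.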