laravel-policies


Authorization policies for resource access control. Use when working with authorization, permissions, access control, or when user mentions policies, authorization, permissions, can, ability checks.

14 stars
1.2k downloads
Updated 1/20/2026

SKILL.md

Laravel Policies

Policies encapsulate authorization logic and delegate to permission systems.

Related guides:

Structure

<?php

declare(strict_types=1);

namespace App\Policies;

use App\Enums\Permission;
use App\Models\Order;
use App\Models\User;

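class OrderPolicy
{
    // Class-level check: no Order instance, so permission only.
    public function viewAny(User $user): bool
    {
        return $user->can(Permission::ListOrders);
    }

    // Permission plus ownership: the order must belong to the user's customer.
    public function view(User $user, Order $order): bool
    {
        return $user->can(Permission::ViewOrders)
            && $order->customer_id === $user->customer_id;
    }

    public function create(User $user): bool
    {
        return $user->can(Permission::CreateOrders);
    }

    // Permission, state and ownership combined.
    public function update(User $user, Order $order): bool
    {
        return $user->can(Permission::UpdateOrders)
            && $order->canBeModified()
            && $order->customer_id === $user->customer_id;
    }

    // Permission plus state. There is no ownership term here, so any holder
    // of DeleteOrders may delete any pending order.
    public function delete(User $user, Order $order): bool
    {
        return $user->can(Permission::DeleteOrders)
            && $order->isPending();
    }

    // Reuses update(), so it requires UpdateOrders and ownership;
    // Permission::CancelOrders is not consulted here.
    public function cancel(User $user, Order $order): bool
    {
        return $this->update($user, $order)
            && $order->canBeCancelled();
    }
}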

Permission Enum

<?php

declare(strict_types=1);

namespace App\Enums;

use Henzeb\Enumhancer\Concerns\Comparison;
use Henzeb\Enumhancer\Concerns\Dropdown;

enum Permission: string
{
    use Comparison, Dropdown;

    case ListOrders = 'list orders';
    case ViewOrders = 'view orders';
    case CreateOrders = 'create orders';
    case UpdateOrders = 'update orders';
    case DeleteOrders = 'delete orders';
    case CancelOrders = 'cancel orders';
}

Standard Policy Methods

Laravel conventions for policy methods:

  • viewAny() - List/index
  • view() - Show single resource
  • create() - Create new resource
  • update() - Update resource
  • delete() - Delete resource
  • restore() - Restore soft-deleted
  • forceDelete() - Permanently delete

Custom methods for non-standard actions:

  • cancel()
  • approve()
  • ship()
  • etc.

Key Patterns

1. Delegate to Permission System

return $user->can(Permission::CreateOrders);

2. Ownership Checks

return $user->can(Permission::ViewOrders)
    && $order->customer_id === $user->customer_id;

3. State Checks

return $user->can(Permission::DeleteOrders)
    && $order->isPending();

4. Combine Existing Methods

public function cancel(User $user, Order $order): bool
{
    return $this->update($user, $order)
        && $order->canBeCancelled();
}
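Patterns 2 and 3 side by side, as an added example that is not part of the skill's code: a plain-PHP script (PHP 8.1+) that tabulates what each check decides for constructed users. `User` and `Order` are stand-ins for the Eloquent models, `ownedBy()` is a hypothetical helper, and a nullable `customer_id` is an assumption.

```php
<?php
declare(strict_types=1);
// Added illustration: plain-PHP stand-ins so the script runs without Laravel.
enum Permission: string
{
    case ViewOrders = 'view orders';
    case DeleteOrders = 'delete orders';
}

final class User
{
    public function __construct(public ?int $customer_id, private array $granted) {}
    public function can(Permission $p): bool { return in_array($p, $this->granted, true); }
}

final class Order
{
    public function __construct(public ?int $customer_id, private bool $pending = true) {}
    public function isPending(): bool { return $this->pending; }
}

// Hypothetical helper: ownership that fails closed when the user has no customer.
function ownedBy(User $u, Order $o): bool
{
    return $u->customer_id !== null && $o->customer_id === $u->customer_id;
}

$checks = [
    // Pattern 2 as on the page: a bare ===, so null === null counts as a match.
    'view (page)'      => fn (User $u, Order $o) => $u->can(Permission::ViewOrders) && $o->customer_id === $u->customer_id,
    'view (null-safe)' => fn (User $u, Order $o) => $u->can(Permission::ViewOrders) && ownedBy($u, $o),
    // Pattern 3 as on the page: permission and state only, no ownership term.
    'delete (page)'    => fn (User $u, Order $o) => $u->can(Permission::DeleteOrders) && $o->isPending(),
    'delete (owned)'   => fn (User $u, Order $o) => $u->can(Permission::DeleteOrders) && $o->isPending() && ownedBy($u, $o),
];

// Constructed cases: every user holds both permissions; only customer_id differs.
$all = [Permission::ViewOrders, Permission::DeleteOrders];
$cases = [
    'same customer'         => [new User(1, $all), new Order(1)],
    'other customer'        => [new User(2, $all), new Order(1)],
    'no customer on either' => [new User(null, $all), new Order(null)],
];

foreach ($checks as $name => $check) {
    foreach ($cases as $label => [$user, $order]) {
        printf("%-18s %-22s %s\n", $name, $label, $check($user, $order) ? 'allow' : 'deny');
    }
}
```

Whether `delete()` needs the ownership term depends on who is granted `DeleteOrders`; the null-safe form matters only if `customer_id` is nullable in your schema.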

Usage in Routes

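use App\Http\Controllers\OrderController;
use App\Models\Order;
use Illuminate\Support\Facades\Route;

// Class-level ability: no model instance exists yet, so pass the class name.
Route::get('/orders', [OrderController::class, 'index'])
    ->can('viewAny', Order::class);

// 'order' names the route parameter; the bound Order model is passed to the policy.
Route::get('/orders/{order}', [OrderController::class, 'show'])
    ->can('view', 'order');

// Class-level ability again: the order does not exist before store() runs.
Route::post('/orders', [OrderController::class, 'store'])
    ->can('create', Order::class);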

See routing-permissions.md for route authorization.

Summary

Policies should:

  • Use permission enums (not strings)
  • Check ownership when needed
  • Check state when needed
  • Delegate to permission system
  • Follow Laravel naming conventions
  • Stay simple and focused

Install

Requires askill CLI v1.0+

AI Quality Score

92/100, analyzed 2/13/2026

A comprehensive and well-structured guide for implementing Laravel Policies. It covers class structure, permission enums, standard methods, common patterns (delegation, ownership, state checks), and route integration.


Metadata

License: unknown
Version: -
Updated: 1/20/2026
Publisher: leeovery
