Laravel Authorization Policies


Policies are classes that help you organise authorisation logic around a model resource. Using our previous example, we might have a ContentPolicy that manages user access to the Content model.

To make ContentPolicy, laravel provides an artisan command. Simply run

php artisan make:policy ContentPolicy

This will make an empty policy class and place in app/Policies folder. If the folder does not exist, Laravel will create it and place the class inside.

Once created, policies need to be registered to help Laravel know which policies to use when authorising actions on models. Laravel's AuthServiceProvider, which comes with all fresh Laravel installations, has a policies property which maps your eloquent models to their authorisation policies. All you need to do add the mapping to the array.

protected $policies = [
    Content::class => ContentPolicy::class,