Laravel

Basic Laravel Policies Tutorial From Scratch

Laravel Policies Tutorial: The Laravel framework implements authorization in the form of gates and policies. Here, I will discuss

Laravel Policies

. So, After an introduction to policies, I will demonstrate the concepts by implementing a custom example.



Here, you can see a live demo on Laravel Policies

What is Laravel Policy?

Policies are classes that help you to organize authorization logic around any model resource. It has an elegant mechanism to ensure users are authorized to perform actions on resources.

The main purpose of Laravel Policy is to provide more control over the authorization such as:

  • A user can create an article.
  • The only user of the article can perform edit and delete operations.

I hope you are already aware of the built-in

Laravel authentication

system as that’s something crucial to learn the concept of authorization with Laravel Policies.



#1: Create a new laravel application

First, install Laravel Installer by typing the following command in your terminal.

After Laravel Installer, You can create a new fresh Laravel 5.8 Project by the following command.

installing laravel policies project

#2: Change Database Configuration

Now, Next step is to create a database and configure it. So first of all, create a database using PHPMyAdmin or Sequel Pro or any database tool then update the .env file and give Laravel access to a database you have created.

Once the configuration is done, you need to run the below command to view Laravel default tables and manually created tables in the database.

laravel policies database

Here, we are going to explain the Laravel Policies authorization concept using the example of articles.

In this tutorial, we are going to show you how to show edit and delete option to the owner of the article using Laravel Policies.

#3: Create a migration, related model and controller

Laravel installation already comes with the User model and migration. So, only we need to create a model, migration, and controller for articles.

In this tutorial, we are going to create an Article model and migration through below command.

Now, Open article migration file and add below fields to it

Once migration is ready, run the migration by the following command in the terminal.

#4: Creating Seeder Class

Here, we have also created a seeder class called ArticleSeederClass to seed the database with test data.

Run the below command to create a seeder class.

It will create a file called ArticleSeederClass inside database >> seeds directory. 

Open that file and replace with the below code.

We have added 5 test articles using Faker\Factory class.

Now,  Run the seeder class using db:seed Artisan command.

#5: Creating a Policy

Laravel provides make:policy artisan command. So, using this command you can generate a policy.

It will create an ArticlePolicy model in the app/Policies directory.

If you want to perform all CRUD operations within the policy model then you can run below command.

open the model and write below code.

Here, we have added policy logic for update and delete articles.

Hence, These methods will check if the article creator is this user or not and return true otherwise it will return false.

#6: Registering Policy model

Once you update your policy logic, it is time to register the policy in the app/Providers/AuthServiceProvider.

#7: Usage Of Policies

There are 3 ways to use the created policies.

  • By using blade directive in views.
  • Inside respective model.
  • By using a controller.

You can use policies by using one of the three ways.

Here, we have used the delete policy using @can and @cannot blade directive in the view file.

You can also use the same policies either in the Article Model or Controller.

It’s up to you which way you want to use.

#Policy Usage In Model

In the Article Model, you can use the same policy to check if the user can delete the article or not.

#Policy Usage In Controller

You can also define the usage of the same policy inside the delete() method of Article controller.


Finally, I have completed the

Laravel Policies Tutorial with an example

. You can use the polices to create a full-fledge permissions management system. Thank you.


About the author

Siddharth Ghedia

Hi, my name is Siddharth. I'm from Rajkot, Gujarat, India. I'm passionate about Laravel. I have over 4 years of experience in Web Development. I work in the technologies like: Laravel, Vue, React, React Native, Angular, IONIC.

I've created this blog for sharing my knowledge with other developer who are willing to start and build their career in the technologies that I work in.

Leave a Comment