laravel-policies
Authorization policies for resource access control. Use when working with authorization, permissions, access control, or when user mentions policies, authorization, permissions, can, ability checks.
$ 安裝
git clone https://github.com/leeovery/claude-laravel /tmp/claude-laravel && cp -r /tmp/claude-laravel/skills/laravel-policies ~/.claude/skills/claude-laravel// tip: Run this command in your terminal to install the skill
SKILL.md
name: laravel-policies description: Authorization policies for resource access control. Use when working with authorization, permissions, access control, or when user mentions policies, authorization, permissions, can, ability checks.
Laravel Policies
Policies encapsulate authorization logic and delegate to permission systems.
Related guides:
- routing-permissions.md - Route-level authorization
- Enums - Permission enums
Structure
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Enums\Permission;
use App\Models\Order;
use App\Models\User;
class OrderPolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ListOrders);
}
public function view(User $user, Order $order): bool
{
return $user->can(Permission::ViewOrders)
&& $order->customer_id === $user->customer_id;
}
public function create(User $user): bool
{
return $user->can(Permission::CreateOrders);
}
public function update(User $user, Order $order): bool
{
return $user->can(Permission::UpdateOrders)
&& $order->canBeModified()
&& $order->customer_id === $user->customer_id;
}
public function delete(User $user, Order $order): bool
{
return $user->can(Permission::DeleteOrders)
&& $order->isPending();
}
public function cancel(User $user, Order $order): bool
{
return $this->update($user, $order)
&& $order->canBeCancelled();
}
}
Permission Enum
<?php
declare(strict_types=1);
namespace App\Enums;
use Henzeb\Enumhancer\Concerns\Comparison;
use Henzeb\Enumhancer\Concerns\Dropdown;
enum Permission: string
{
use Comparison, Dropdown;
case ListOrders = 'list orders';
case ViewOrders = 'view orders';
case CreateOrders = 'create orders';
case UpdateOrders = 'update orders';
case DeleteOrders = 'delete orders';
case CancelOrders = 'cancel orders';
}
Standard Policy Methods
Laravel conventions for policy methods:
viewAny()- List/indexview()- Show single resourcecreate()- Create new resourceupdate()- Update resourcedelete()- Delete resourcerestore()- Restore soft-deletedforceDelete()- Permanently delete
Custom methods for non-standard actions:
cancel()approve()ship()- etc.
Key Patterns
1. Delegate to Permission System
return $user->can(Permission::CreateOrders);
2. Ownership Checks
return $user->can(Permission::ViewOrders)
&& $order->customer_id === $user->customer_id;
3. State Checks
return $user->can(Permission::DeleteOrders)
&& $order->isPending();
4. Combine Existing Methods
public function cancel(User $user, Order $order): bool
{
return $this->update($user, $order)
&& $order->canBeCancelled();
}
Usage in Routes
Route::get('/orders', [OrderController::class, 'index'])
->can('viewAny', Order::class);
Route::get('/orders/{order}', [OrderController::class, 'show'])
->can('view', 'order');
Route::post('/orders', [OrderController::class, 'store'])
->can('create', Order::class);
See routing-permissions.md for route authorization.
Summary
Policies should:
- Use permission enums (not strings)
- Check ownership when needed
- Check state when needed
- Delegate to permission system
- Follow Laravel naming conventions
- Stay simple and focused
Repository
leeovery
Author
leeovery/claude-laravel/skills/laravel-policies
5
Stars
0
Forks
Updated5d ago
Added1w ago