Gates — Simple Authorization Checks
Gates are closures that determine if a user is authorized to perform an action. They're defined in AuthServiceProvider and used for simple authorization checks that aren't tied to a specific model. Think of gates as route middleware for authorization.
Defining and Using Gates
// In AuthServiceProvider boot()
use App\Models\Post;
use App\Models\User;
use Illuminate\Support\Facades\Gate;

public function boot(): void
{
    // Only administrators may manage users
    Gate::define('manage-users', function (User $user) {
        return $user->isAdmin();
    });

    // Only the post's author may update it
    Gate::define('update-post', function (User $user, Post $post) {
        return $user->id === $post->user_id;
    });
}

// Using Gates
// In controllers
if (Gate::allows('manage-users')) {
    // User can manage users
}

if (Gate::denies('update-post', $post)) {
    abort(403);
}

// authorize() throws an AuthorizationException, which Laravel renders as a 403 response
Gate::authorize('update-post', $post);

// In Blade
@can('update-post', $post)
    <a href="{{ route('posts.edit', $post) }}">Edit</a>
@endcan

@cannot('manage-users')
    <p>You don't have admin access.</p>
@endcannot
Tip
Practice gates (simple authorization checks) in small, isolated examples before integrating them into larger projects. Breaking concepts into small experiments builds genuine understanding faster than reading alone.
Practice Task
Note
(1) Write a working example of gates (simple authorization checks) from scratch without looking at notes. (2) Modify it to handle an edge case (empty input, null value, or error state). (3) Share your solution in the Priygop community for feedback.
Common Mistake
Warning
A common mistake with gates is skipping edge case testing: empty inputs, null values, and unexpected data types. Always validate boundary conditions to write robust, production-ready Laravel code.
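The edge cases named above, written as a PHPUnit feature test against the 'manage-users' and 'update-post' gates defined earlier. This is an added example, not code from the original page. It assumes a standard Laravel application (Tests\TestCase, App\Models\User, App\Models\Post) and that Post declares no integer cast for user_id; the class and helper names are hypothetical.

```php
<?php
namespace Tests\Feature;

use App\Models\Post;
use App\Models\User;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

class UpdatePostGateTest extends TestCase
{
    // Hypothetical helpers: unsaved models with constructed keys, no database needed.
    private function user(int $id): User
    {
        return (new User)->forceFill(['id' => $id]);
    }

    private function postOwnedBy(int|string $userId): Post
    {
        return (new Post)->forceFill(['user_id' => $userId]);
    }

    public function test_owner_is_allowed_and_other_user_is_denied(): void
    {
        $post = $this->postOwnedBy(1);
        $this->assertTrue(Gate::forUser($this->user(1))->allows('update-post', $post));
        $this->assertTrue(Gate::forUser($this->user(2))->denies('update-post', $post));
    }

    public function test_guest_is_denied_without_running_the_closure(): void
    {
        // No actingAs(): the resolved user is null. Because both closures type-hint
        // a non-nullable User, Laravel denies before calling them.
        $this->assertTrue(Gate::denies('update-post', $this->postOwnedBy(1)));
        $this->assertTrue(Gate::denies('manage-users'));
    }

    public function test_authorize_throws_for_non_owner(): void
    {
        $this->expectException(AuthorizationException::class);
        Gate::forUser($this->user(2))->authorize('update-post', $this->postOwnedBy(1));
    }

    public function test_string_foreign_key_fails_strict_comparison(): void
    {
        // Assumes no cast on user_id: 1 === '1' is false, so even the owner is denied.
        // Casting user_id to integer on the Post model removes this mismatch.
        $this->assertTrue(Gate::forUser($this->user(1))->denies('update-post', $this->postOwnedBy('1')));
    }
}
```

Hiding the Edit link with @can only changes what is rendered; the controller-side Gate::authorize() call is the enforcement point these tests pin down.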