Home » Laravel Tutorial » Laravel – Authorization

Laravel – Authorization

In authorization, the system or the web application checks if the authenticated users can access the resources that they are trying to access or make a request for. In other words, it checks their rights and permissions over the requested resources. If it finds that they can access the resources, it means that they are authorized.

Authorization involves checking the rights and permissions over the resources that an authenticated user has.

Authorization Mechanism in Laravel

Laravel provides a simple mechanism for authorization that contains two primary ways, namely Gates and Policies.

Writing Gates and Policies

Gates are used to determine if a user is authorized to perform a specified action. They are typically defined in App/Providers/AuthServiceProvider.php using Gate facade. Gates are also functions which are declared for performing authorization mechanism.

Policies are declared within an array and are used within classes and methods which use authorization mechanism.

The following lines of code explain you how to use Gates and Policies for authorizing a user in a Laravel web application. Note that in this example, the boot function is used for authorizing the users.


namespace App\Providers;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider{
      * The policy mappings for the application.
      * @var array
   protected $policies = [
      'App\Model' => 'App\Policies\ModelPolicy',
      * Register any application authentication / authorization services.
      * @param \Illuminate\Contracts\Auth\Access\Gate $gate
      * @return void
   public function boot(GateContract $gate) {

Check Also

Laravel – Hashing

Hashing is the process of transforming a string of characters into a shorter fixed value …

Leave a Reply

Your email address will not be published. Required fields are marked *