陌讯skills聚合平台

laravel-policies

📁 leeovery/claude-laravel 📅 Jan 24, 2026
21
总安装量
12
周安装量
#17406
全站排名
安装命令
npx skills add https://github.com/leeovery/claude-laravel --skill laravel-policies

Agent 安装分布

claude-code 11
codex 9
opencode 9
antigravity 9
cursor 8
gemini-cli 8

Skill 文档

Laravel Policies

Policies encapsulate authorization logic and delegate to permission systems.

Related guides:

Structure

<?php

declare(strict_types=1);

namespace App\Policies;

use App\Enums\Permission;
use App\Models\Order;
use App\Models\User;

class OrderPolicy
{
    public function viewAny(User $user): bool
    {
        return $user->can(Permission::ListOrders);
    }

    public function view(User $user, Order $order): bool
    {
        return $user->can(Permission::ViewOrders)
            && $order->customer_id === $user->customer_id;
    }

    public function create(User $user): bool
    {
        return $user->can(Permission::CreateOrders);
    }

    public function update(User $user, Order $order): bool
    {
        return $user->can(Permission::UpdateOrders)
            && $order->canBeModified()
            && $order->customer_id === $user->customer_id;
    }

    public function delete(User $user, Order $order): bool
    {
        return $user->can(Permission::DeleteOrders)
            && $order->isPending();
    }

    public function cancel(User $user, Order $order): bool
    {
        return $this->update($user, $order)
            && $order->canBeCancelled();
    }
}

Permission Enum

<?php

declare(strict_types=1);

namespace App\Enums;

use Henzeb\Enumhancer\Concerns\Comparison;
use Henzeb\Enumhancer\Concerns\Dropdown;

enum Permission: string
{
    use Comparison, Dropdown;

    case ListOrders = 'list orders';
    case ViewOrders = 'view orders';
    case CreateOrders = 'create orders';
    case UpdateOrders = 'update orders';
    case DeleteOrders = 'delete orders';
    case CancelOrders = 'cancel orders';
}

Standard Policy Methods

Laravel conventions for policy methods:

  • viewAny() – List/index
  • view() – Show single resource
  • create() – Create new resource
  • update() – Update resource
  • delete() – Delete resource
  • restore() – Restore soft-deleted
  • forceDelete() – Permanently delete

Custom methods for non-standard actions:

  • cancel()
  • approve()
  • ship()
  • etc.

Key Patterns

1. Delegate to Permission System

return $user->can(Permission::CreateOrders);

2. Ownership Checks

return $user->can(Permission::ViewOrders)
    && $order->customer_id === $user->customer_id;

3. State Checks

return $user->can(Permission::DeleteOrders)
    && $order->isPending();

4. Combine Existing Methods

public function cancel(User $user, Order $order): bool
{
    return $this->update($user, $order)
        && $order->canBeCancelled();
}

Usage in Routes

Route::get('/orders', [OrderController::class, 'index'])
    ->can('viewAny', Order::class);

Route::get('/orders/{order}', [OrderController::class, 'show'])
    ->can('view', 'order');

Route::post('/orders', [OrderController::class, 'store'])
    ->can('create', Order::class);

See routing-permissions.md for route authorization.

Summary

Policies should:

  • Use permission enums (not strings)
  • Check ownership when needed
  • Check state when needed
  • Delegate to permission system
  • Follow Laravel naming conventions
  • Stay simple and focused
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。