Together with Marcel Pociot and our colleagues at Beyond Code and Spatie, I'm currently building Flare, a paid service which will be revealed at Laracon EU. Together with the service we'll release a package that will change the way you will work with Laravel. To stay in the loop subscribe to our mailinglist at

A middleware to check abilities on the route level

Original – by Freek Van der Herten – 1 minute read

Laravel's native authorization functionality allows  you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests.

What Laravel doesn't provide out of the box is a middleware to check abilities on the route-level. So I made that middleware myself and released it as a package on GitHub.

Here's a simple example to give you an idea what it can do:

// only users with the viewTopSecretPage-ability be 
// able to see this

Route::get('/top-secret-page', [
   'middleware'=> 'can:viewTopSecretPage',
   'uses' => 'TopSecretController@index',

Route groups can be used to apply the middleware to a bunch of routes:

Route::group(['prefix' => 'admin', 'middleware' => 'can:viewAdmin'], function() {

   //all the controllers of your admin section


I've provided a readme with full installation instructions and some examples.

If you like the package, be sure to check out the other Spatie Laravel packages.

Stay up to date with all things Laravel, PHP, and JavaScript.

Follow me on Twitter. I regularly tweet out programming tips, and what I myself have learned in ongoing projects.

Every two weeks I send out a newsletter containing lots of interesting stuff for the modern PHP developer.

Expect quick tips & tricks, interesting tutorials, opinions and packages. Because I work with Laravel every day there is an emphasis on that framework.

Rest assured that I will only use your email address to send you the newsletter and will not use it for any other purposes.