Freek.dev

Laravel / PHP / AI

A middleware to check abilities on the route level original

by Freek Van der Herten – 1 minute read

authorization laravel middleware package php

Laravel's native authorization functionality allows you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests.

What Laravel doesn't provide out of the box is a middleware to check abilities on the route-level. So I made that middleware myself and released it as a package on GitHub.

Here's a simple example to give you an idea what it can do:

// only users with the viewTopSecretPage-ability be 
// able to see this

Route::get('/top-secret-page', [
   'middleware'=> 'can:viewTopSecretPage',
   'uses' => 'TopSecretController@index',
]);

Route groups can be used to apply the middleware to a bunch of routes:

Route::group(['prefix' => 'admin', 'middleware' => 'can:viewAdmin'], function() {

   //all the controllers of your admin section
   ...

});

I've provided a readme with full installation instructions and some examples.

If you like the package, be sure to check out the other Spatie Laravel packages.

Sharing Laravel cookies across subdomains →
Share Post LinkedIn | Follow @freekmurze

Join 9,500+ smart developers

Get my monthly newsletter with what I learn from running Spatie, building Oh Dear, and maintaining 300+ open source packages. Practical takes on Laravel, PHP, and AI that you can actually use.

No spam. Unsubscribe anytime. You can also follow me on X.

Found something interesting to share? Submit a link to the community section.