Laravel - Authorization - Policy Filters
For certain users, you may wish to authorize all actions within a given policy. To accomplish this, define a before
method on the policy. The before
method will be executed before any other methods on the policy, giving you an opportunity to authorize the action before the intended policy method is actually called. This feature is most commonly used for authorizing application administrators to perform any action:
use App\Models\User;
/**
* Perform pre-authorization checks.
*
* @param \App\Models\User $user
* @param string $ability
* @return void|bool
*/
public function before(User $user, $ability)
{
if ($user->isAdministrator()) {
return true;
}
}
If you would like to deny all authorization checks for a particular type of user then you may return false
from the before
method. If null
is returned, the authorization check will fall through to the policy method.
The before
method of a policy class will not be called if the class doesn't contain a method with a name matching the name of the ability being checked.