Laravel Gates and Policies Tutorial with Examples

In this tutorial, we will explore how to set up authentication and implement authorization using Laravel Gates and Policies. This will allow us to create a user role access control system that helps manage permissions within a Laravel application.


Laravel Gates and Policies Overview

Laravel Gates and Policies are essential components of Laravel’s Authorization system. They allow developers to define granular user access control within an application. This tutorial will demonstrate how to set up a Laravel project, create a migration table for user roles, and implement Gates and Policies to manage user access.


Setting Up a New Laravel Project


Installing Laravel

First, install a fresh Laravel application by running the following command in your terminal or command prompt:

composer create-project --prefer-dist laravel/laravel blog


Configuring Database

Next, configure the database connection in your .env file. Update the following values according to your database configuration:



Creating a User Role Migration

To add a role column to the users table, create a new migration by running:

php artisan make:migration add_role_column_to_users_table


Update the newly created migration file in the database/migrations directory with the following code:

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class AddRoleColumnToUsersTable extends Migration
{
    // Add the role column; every existing and new user defaults to 'user'.
    public function up()
    {
        Schema::table('users', function (Blueprint $table) {
            $table->enum('role', ['user', 'manager', 'admin'])->default('user');
        });
    }

    public function down()
    {
        // ...
    }
}


Now, run the migration using this command:

php artisan migrate


Adding Dummy Users

Add some dummy users to the users table. You can use Laravel Tinker to create these records.
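
One way to create the dummy users inside `php artisan tinker`, added here as an example and not taken from the original tutorial. The names and e-mail addresses are constructed, and the model namespace `App\Models\User` is an assumption (it is `App\User` on Laravel 7 and earlier).

```php
use App\Models\User;                 // assumption: App\User on Laravel 7 and earlier
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;

foreach (['user', 'manager', 'admin'] as $role) {
    $password = Str::random(16);     // throwaway local password, printed once below

    // firstOrNew() makes the snippet safe to paste more than once.
    $account = User::firstOrNew(['email' => "{$role}@example.test"]);

    // 'role' is not in the default $fillable list, so by default
    // User::create([... 'role' => $role]) would drop it and the row
    // would fall back to the column default 'user'. forceFill() sets
    // it explicitly without opening 'role' to mass assignment.
    $account->forceFill([
        'name'     => ucfirst($role),
        'password' => Hash::make($password),
        'role'     => $role,
    ])->save();

    echo "{$account->email}  role={$account->role}  password={$password}\n";
}
```

Keeping `role` out of `$fillable` means a registration or profile form that passes request input to `create()` or `update()` cannot change a user's role.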


Generating Authentication Scaffolding

To generate the authentication scaffolding, follow these steps:

Install the laravel/ui package:

composer require laravel/ui

Generate the authentication scaffolding:

php artisan ui bootstrap --auth


Install and run npm:

npm install
npm run dev


Defining Custom Gates

Update the AuthServiceProvider.php file in the app/Providers directory to define custom gates for user roles:

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [];

    public function boot()
    {
        // Define admin role
        Gate::define('isAdmin', function ($user) {
            return $user->role === 'admin';
        });

        // Define manager role
        Gate::define('isManager', function ($user) {
            return $user->role === 'manager';
        });

        // Define user role
        Gate::define('isUser', function ($user) {
            return $user->role === 'user';
        });
    }
}
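
A PHPUnit check for the three gates defined above, added here as an example and not part of the original tutorial. The class name `RoleGateTest`, its file location, and the `App\Models\User` namespace are assumptions.

```php
<?php
// tests/Feature/RoleGateTest.php (hypothetical file name)
namespace Tests\Feature;

use App\Models\User; // assumption: App\User on Laravel 7 and earlier
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;

class RoleGateTest extends TestCase
{
    // Gate bound to an unsaved user with the given role, so no database is needed.
    private function gateFor(string $role)
    {
        return Gate::forUser((new User)->forceFill(['role' => $role]));
    }

    public function test_each_gate_matches_exactly_one_role()
    {
        $expected = [
            // role    => [isAdmin, isManager, isUser]
            'admin'   => [true, false, false],
            'manager' => [false, true, false],
            'user'    => [false, false, true],
        ];

        foreach ($expected as $role => $row) {
            $gate = $this->gateFor($role);
            $actual = [
                $gate->allows('isAdmin'),
                $gate->allows('isManager'),
                $gate->allows('isUser'),
            ];
            $this->assertSame($row, $actual, "role: {$role}");
        }
    }

    public function test_unknown_role_and_guest_are_denied()
    {
        foreach (['isAdmin', 'isManager', 'isUser'] as $ability) {
            // A role value outside the enum must not match any gate.
            $this->assertFalse($this->gateFor('superuser')->allows($ability));
            // No user: the closures require a $user, so Laravel denies.
            $this->assertFalse(Gate::forUser(null)->allows($ability));
        }
    }
}
```

Run it with `vendor/bin/phpunit`. The first test makes explicit that these gates are exact matches with no hierarchy: an admin fails `isManager`, so a route protected by `can:isManager` returns 403 for admins unless the gate is widened.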


Implementing Gates in Blade Files

Update the home.blade.php file in the resources/views directory to use the custom gates for each role:


<div class="container">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card">
                <div class="card-header">Dashboard</div>

                <div class="card-body">
                    @if (session('status'))
                        <div class="alert alert-success" role="alert">
                            {{ session('status') }}
                        </div>
                    @endif

                    @can('isAdmin')
                        <div class="btn btn-success btn-lg">
                          You have Admin Access
                        </div>
                    @elsecan('isManager')
                        <div class="btn btn-primary btn-lg">
                          You have Manager Access
                        </div>
                    @elsecan('isUser')
                        <div class="btn btn-info btn-lg">
                          You have User Access
                        </div>
                    @endcan
                </div>
            </div>
        </div>
    </div>
</div>



Using Gates in Controllers

You can also use gates in controller files:

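// Requires: use Illuminate\Support\Facades\Gate;

// Option 1: Gate::allows()
public function delete()
{
    if (Gate::allows('isAdmin')) {
        dd('Admin allowed');
    } else {
        dd('You are not Admin');
    }
}

// Option 2: Gate::denies()
public function delete()
{
    if (Gate::denies('isAdmin')) {
        dd('You are not admin');
    } else {
        dd('Admin allowed');
    }
}

// Option 3: $this->authorize() throws an AuthorizationException
// (HTTP 403) when the gate denies, so no else branch is needed.
public function delete()
{
    $this->authorize('isAdmin');
    dd('Admin allowed');
}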


Gates Middleware in Routes

To use gates as middleware in routes, update your routes/web.php file like this:

Route::get('/posts/delete', 'PostController@delete')->middleware('can:isAdmin')->name('post.delete');
Route::get('/posts/update', 'PostController@update')->middleware('can:isManager')->name('post.update');
Route::get('/posts/create', 'PostController@create')->middleware('can:isUser')->name('post.create');



By following this tutorial, you should now have a good understanding of how to implement Laravel Gates and Policies for user role access control. This will enable you to create a more secure and manageable Laravel application.


Some Common Questions:


What are Laravel Gates and Policies?

Laravel Gates and Policies are components of Laravel’s Authorization system that allow developers to define granular user access control within an application.


How do I define custom gates in Laravel?

Custom gates can be defined within the AuthServiceProvider.php file in the app/Providers directory using the Gate::define() method.

How can I use gates in Blade files?

Gates can be used in Blade files using the @can, @elsecan, and @endcan directives.


Can I use gates in controller files?

Yes, gates can be used in controller files using the Gate::allows(), Gate::denies(), and $this->authorize() methods.


How can I use gates as middleware in routes?

Gates can be used as middleware in routes by applying the can:middlewareName middleware (for example, can:isAdmin) in your routes/web.php file.

