Model Policies | laravel-permission | Spatie

 SPATIE

  Laravel Permission
=====================

spatie.be/open-source

  [Docs](https://spatie.be/docs)  [Laravel-permission](https://spatie.be/docs/laravel-permission/v3)  Best-practices  Model Policies

 Version   v7   v6   v5   v4   v3

 Other versions for crawler [v7](https://spatie.be/docs/laravel-permission/v7) [v6](https://spatie.be/docs/laravel-permission/v6) [v5](https://spatie.be/docs/laravel-permission/v5) [v4](https://spatie.be/docs/laravel-permission/v4) [v3](https://spatie.be/docs/laravel-permission/v3)

- [ Introduction ](https://spatie.be/docs/laravel-permission/v3/introduction)
- [ Support us ](https://spatie.be/docs/laravel-permission/v3/support-us)
- [ Prerequisites ](https://spatie.be/docs/laravel-permission/v3/prerequisites)
- [ Installation in Laravel ](https://spatie.be/docs/laravel-permission/v3/installation-laravel)
- [ Installation in Lumen ](https://spatie.be/docs/laravel-permission/v3/installation-lumen)
- [ Upgrading ](https://spatie.be/docs/laravel-permission/v3/upgrading)
- [ Questions and issues ](https://spatie.be/docs/laravel-permission/v3/questions-issues)
- [ Changelog ](https://spatie.be/docs/laravel-permission/v3/changelog)
- [ About us ](https://spatie.be/docs/laravel-permission/v3/about-us)

Basic Usage
-----------

- [ Basic Usage ](https://spatie.be/docs/laravel-permission/v3/basic-usage/basic-usage)
- [ Direct Permissions ](https://spatie.be/docs/laravel-permission/v3/basic-usage/direct-permissions)
- [ Using permissions via roles ](https://spatie.be/docs/laravel-permission/v3/basic-usage/role-permissions)
- [ Wildcard permissions ](https://spatie.be/docs/laravel-permission/v3/basic-usage/wildcard-permissions)
- [ Blade directives ](https://spatie.be/docs/laravel-permission/v3/basic-usage/blade-directives)
- [ Defining a Super-Admin ](https://spatie.be/docs/laravel-permission/v3/basic-usage/super-admin)
- [ Using multiple guards ](https://spatie.be/docs/laravel-permission/v3/basic-usage/multiple-guards)
- [ Using artisan commands ](https://spatie.be/docs/laravel-permission/v3/basic-usage/artisan)
- [ Using a middleware ](https://spatie.be/docs/laravel-permission/v3/basic-usage/middleware)
- [ Example App ](https://spatie.be/docs/laravel-permission/v3/basic-usage/new-app)

Best Practices
--------------

- [ Roles vs Permissions ](https://spatie.be/docs/laravel-permission/v3/best-practices/roles-vs-permissions)
- [ Model Policies ](https://spatie.be/docs/laravel-permission/v3/best-practices/using-policies)
- [ Performance Tips ](https://spatie.be/docs/laravel-permission/v3/best-practices/performance)

Advanced usage
--------------

- [ Testing ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/testing)
- [ Database Seeding ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/seeding)
- [ Exceptions ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/exceptions)
- [ Extending ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/extending)
- [ Cache ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/cache)
- [ UUID ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/uuid)
- [ Extending PhpStorm ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/phpstorm)
- [ Other ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/other)
- [ Timestamps ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/timestamps)
- [ UI Options ](https://spatie.be/docs/laravel-permission/v3/advanced-usage/ui-options)

      You are viewing the documentation for **an older version** of this package. You can check the version you are using with the following command:

 `                                    composer show spatie/laravel-permission                                                                                                                                                                                                                                    `

Model Policies
==============

The best way to incorporate access control for application features is with [Laravel's Model Policies](https://laravel.com/docs/authorization#creating-policies).

Using Policies allows you to simplify things by abstracting your "control" rules into one place, where your application logic can be combined with your permission rules.

Jeffrey Way explains the concept simply in the [Laravel 6 Authorization Filters](https://laracasts.com/series/laravel-6-from-scratch/episodes/51) and [policies](https://laracasts.com/series/laravel-6-from-scratch/episodes/63) videos and in other related lessons in that chapter. He also mentions how to set up a super-admin, both in a model policy and globally in your application.

You can find an example of implementing a model policy with this Laravel Permissions package in this demo app: