Model Policies | laravel-permission | Spatie

 SPATIE

  Laravel Permission
=====================

spatie.be/open-source

  [Docs](https://spatie.be/docs)  [Laravel-permission](https://spatie.be/docs/laravel-permission/v7)  Best-practices  Model Policies

 Version   v7   v6   v5   v4   v3

 Other versions for crawler [v7](https://spatie.be/docs/laravel-permission/v7) [v6](https://spatie.be/docs/laravel-permission/v6) [v5](https://spatie.be/docs/laravel-permission/v5) [v4](https://spatie.be/docs/laravel-permission/v4) [v3](https://spatie.be/docs/laravel-permission/v3)

- [ Introduction ](https://spatie.be/docs/laravel-permission/v7/introduction)
- [ Support us ](https://spatie.be/docs/laravel-permission/v7/support-us)
- [ Prerequisites ](https://spatie.be/docs/laravel-permission/v7/prerequisites)
- [ Installation in Laravel ](https://spatie.be/docs/laravel-permission/v7/installation-laravel)
- [ Upgrading ](https://spatie.be/docs/laravel-permission/v7/upgrading)
- [ Questions and issues ](https://spatie.be/docs/laravel-permission/v7/questions-issues)
- [ Changelog ](https://spatie.be/docs/laravel-permission/v7/changelog)
- [ About us ](https://spatie.be/docs/laravel-permission/v7/about-us)

Basic Usage
-----------

- [ Basic Usage ](https://spatie.be/docs/laravel-permission/v7/basic-usage/basic-usage)
- [ Direct Permissions ](https://spatie.be/docs/laravel-permission/v7/basic-usage/direct-permissions)
- [ Using Permissions via Roles ](https://spatie.be/docs/laravel-permission/v7/basic-usage/role-permissions)
- [ Enums ](https://spatie.be/docs/laravel-permission/v7/basic-usage/enums)
- [ Teams permissions ](https://spatie.be/docs/laravel-permission/v7/basic-usage/teams-permissions)
- [ Wildcard permissions ](https://spatie.be/docs/laravel-permission/v7/basic-usage/wildcard-permissions)
- [ Blade directives ](https://spatie.be/docs/laravel-permission/v7/basic-usage/blade-directives)
- [ Defining a Super-Admin ](https://spatie.be/docs/laravel-permission/v7/basic-usage/super-admin)
- [ Using multiple guards ](https://spatie.be/docs/laravel-permission/v7/basic-usage/multiple-guards)
- [ Artisan Commands ](https://spatie.be/docs/laravel-permission/v7/basic-usage/artisan)
- [ Middleware ](https://spatie.be/docs/laravel-permission/v7/basic-usage/middleware)
- [ Passport Client Credentials Grant usage ](https://spatie.be/docs/laravel-permission/v7/basic-usage/passport)
- [ Example App ](https://spatie.be/docs/laravel-permission/v7/basic-usage/new-app)

Best Practices
--------------

- [ Roles vs Permissions ](https://spatie.be/docs/laravel-permission/v7/best-practices/roles-vs-permissions)
- [ Model Policies ](https://spatie.be/docs/laravel-permission/v7/best-practices/using-policies)
- [ Performance Tips ](https://spatie.be/docs/laravel-permission/v7/best-practices/performance)

Advanced usage
--------------

- [ Testing ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/testing)
- [ Database Seeding ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/seeding)
- [ Exceptions ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/exceptions)
- [ Extending ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/extending)
- [ Cache ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/cache)
- [ Events ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/events)
- [ Custom Permission Check ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/custom-permission-check)
- [ UUID/ULID ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/uuid)
- [ PhpStorm Interaction ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/phpstorm)
- [ Other ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/other)
- [ Timestamps ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/timestamps)
- [ UI Options ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/ui-options)

 Model Policies
==============

The best way to incorporate access control for application features is with [Laravel's Model Policies](https://laravel.com/docs/authorization#creating-policies).

Using Policies allows you to simplify things by abstracting your "control" rules into one place, where your application logic can be combined with your permission rules.

Jeffrey Way explains the concept simply in the [Laravel 6 Authorization Filters](https://laracasts.com/series/laravel-6-from-scratch/episodes/51) and [policies](https://laracasts.com/series/laravel-6-from-scratch/episodes/63) videos and in other related lessons in that chapter. He also mentions how to set up a super-admin, both in a model policy and globally in your application.

Here's a partial example of a PostPolicy which could control access to Post model records:

```