Custom Permission Check | laravel-permission | Spatie

 SPATIE

  Laravel Permission
=====================

spatie.be/open-source

  [Docs](https://spatie.be/docs)  [Laravel-permission](https://spatie.be/docs/laravel-permission/v5)  Advanced-usage  Custom Permission Check

 Version   v7   v6   v5   v4   v3

 Other versions for crawler [v7](https://spatie.be/docs/laravel-permission/v7) [v6](https://spatie.be/docs/laravel-permission/v6) [v5](https://spatie.be/docs/laravel-permission/v5) [v4](https://spatie.be/docs/laravel-permission/v4) [v3](https://spatie.be/docs/laravel-permission/v3)

- [ Introduction ](https://spatie.be/docs/laravel-permission/v5/introduction)
- [ Support us ](https://spatie.be/docs/laravel-permission/v5/support-us)
- [ Prerequisites ](https://spatie.be/docs/laravel-permission/v5/prerequisites)
- [ Installation in Laravel ](https://spatie.be/docs/laravel-permission/v5/installation-laravel)
- [ Installation in Lumen ](https://spatie.be/docs/laravel-permission/v5/installation-lumen)
- [ Upgrading ](https://spatie.be/docs/laravel-permission/v5/upgrading)
- [ Questions and issues ](https://spatie.be/docs/laravel-permission/v5/questions-issues)
- [ Changelog ](https://spatie.be/docs/laravel-permission/v5/changelog)
- [ About us ](https://spatie.be/docs/laravel-permission/v5/about-us)

Basic Usage
-----------

- [ Basic Usage ](https://spatie.be/docs/laravel-permission/v5/basic-usage/basic-usage)
- [ Direct Permissions ](https://spatie.be/docs/laravel-permission/v5/basic-usage/direct-permissions)
- [ Using Permissions via Roles ](https://spatie.be/docs/laravel-permission/v5/basic-usage/role-permissions)
- [ Enums ](https://spatie.be/docs/laravel-permission/v5/basic-usage/enums)
- [ Teams permissions ](https://spatie.be/docs/laravel-permission/v5/basic-usage/teams-permissions)
- [ Wildcard permissions ](https://spatie.be/docs/laravel-permission/v5/basic-usage/wildcard-permissions)
- [ Blade directives ](https://spatie.be/docs/laravel-permission/v5/basic-usage/blade-directives)
- [ Using a middleware ](https://spatie.be/docs/laravel-permission/v5/basic-usage/middleware)
- [ Defining a Super-Admin ](https://spatie.be/docs/laravel-permission/v5/basic-usage/super-admin)
- [ Using multiple guards ](https://spatie.be/docs/laravel-permission/v5/basic-usage/multiple-guards)
- [ Using artisan commands ](https://spatie.be/docs/laravel-permission/v5/basic-usage/artisan)
- [ Example App ](https://spatie.be/docs/laravel-permission/v5/basic-usage/new-app)

Best Practices
--------------

- [ Roles vs Permissions ](https://spatie.be/docs/laravel-permission/v5/best-practices/roles-vs-permissions)
- [ Model Policies ](https://spatie.be/docs/laravel-permission/v5/best-practices/using-policies)
- [ Performance Tips ](https://spatie.be/docs/laravel-permission/v5/best-practices/performance)

Advanced usage
--------------

- [ Testing ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/testing)
- [ Database Seeding ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/seeding)
- [ Exceptions ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/exceptions)
- [ Extending ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/extending)
- [ Cache ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/cache)
- [ Custom Permission Check ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/custom-permission-check)
- [ UUID ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/uuid)
- [ PhpStorm Interaction ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/phpstorm)
- [ Other ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/other)
- [ Timestamps ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/timestamps)
- [ UI Options ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/ui-options)

      You are viewing the documentation for **an older version** of this package. You can check the version you are using with the following command:

 `                                    composer show spatie/laravel-permission                                                                                                                                                                                                                                    `

Custom Permission Check
=======================

###  On this page

1. [ Default Permission Check Functionality ](#content-default-permission-check-functionality)
2. [ Using Custom Permission Check Functionality ](#content-using-custom-permission-check-functionality)

Default Permission Check Functionality
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

By default, this package registers a `Gate::before()` method call on [Laravel's gate](https://laravel.com/docs/authorization). This method is responsible for checking if the user has the required permission or not, for calls to `can()` helpers and most `model policies`. Whether a user has a permission or not is determined by checking the user's permissions stored in the database.

In the permission config file, `register_permission_check_method` is set to `true`, which means this package operates using the default behavior described above. Only set this to `false` if you want to bypass the default operation and implement your own custom logic for checking permissions, as described below.

Using Custom Permission Check Functionality
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

However, in some cases, you might want to implement custom logic for checking if the user has a permission or not.

Let's say that your application uses access tokens for authentication and when issuing the tokens, you add a custom claim containing all the permissions the user has. In this case, if you want to check whether the user has the required permission or not based on the permissions in your custom claim in the access token, then you need to implement your own logic for handling this.

You could, for example, create a `Gate::before()` method call to handle this:

**app/Providers/AuthServiceProvider.php**

```
public function boot()
{
    ...

    Gate::before(function ($user, $ability) {
        return $user->hasTokenPermission($ability) ?: null;
    });
}
```

Here `hasTokenPermission` is a **custom method you need to implement yourself**.