noartem/laravel-policies-and-authorization
skills/laravel-policies-and-authorization/SKILL.md
Enforce access via Policies and Gates; use authorize() and authorizeResource() to standardize controller protections
$ install --global
skillsauthnpx skillsauth add noartem/laravel-vue-skills laravel-policies-and-authorizationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 10, 2026, 2:24 AM33.0s1 file scanned
SKILL.md
- name:
- laravel-policies-and-authorization
- description:
- Enforce access via Policies and Gates; use authorize() and authorizeResource() to standardize controller protections
Policies and Authorization
Use Policies for per-model actions; use Gates for cross-cutting checks.
Commands
# Generate a policy
sail artisan make:policy PostPolicy --model=Post # or: php artisan make:policy PostPolicy --model=Post
# Apply in routes (resource controllers)
Route::resource('posts', PostController::class);
// In controller constructor
$this->authorizeResource(Post::class, 'post');
# One-off checks
$this->authorize('update', $post); // in controller
Gate::allows('manage-billing', $user); // ad-hoc gate
Patterns
- Use resource policy methods:
viewAny, view, create, update, delete, restore, forceDelete - Prefer policy methods over inline checks; keeps controllers clean
- Register policies in
AuthServiceProvider - Use
canmiddleware for quick route protection:->middleware('can:update,post') - In tests, assert
actingAs($user)->get(...)->assertForbidden()for denied cases
Related Skills
noartem/vue3-component-decomposition
testing
VerifiedTrustedCommunity
Decompose large Vue 3 components into focused SFCs and composables with explicit contracts, simple templates, and SSR-safe side effects.
9SKILL.mdUpdated May 4, 2026
noartem/shadcn-vue
tools
VerifiedTrustedCommunity
shadcn-vue for Vue/Nuxt with Reka UI components and Tailwind. Use for accessible UI, Auto Form, data tables, charts, dark mode, MCP server setup, or encountering component imports, Reka UI errors.
9SKILL.mdUpdated May 4, 2026
noartem/laravel-transactions-and-consistency
documentation
VerifiedTrustedCommunity
Wrap multi-write operations in transactions; use dispatchAfterCommit and idempotency patterns to ensure consistency
9SKILL.mdUpdated May 4, 2026
noartem/laravel-template-method-and-plugins
tools
VerifiedTrustedCommunity
Stabilize workflows with Template Method or Strategy; extend by adding new classes instead of editing core logic
9SKILL.mdUpdated May 4, 2026