You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: guide/laravel-integration.md
+104Lines changed: 104 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -121,3 +121,107 @@ All AJAX handlers defined in the controller are available to every page action i
121
121
::: tip
122
122
For a deeper understanding of this pattern and how it compares to traditional resource controllers, see [Architecture & Philosophy](/guide/architecture).
123
123
:::
124
+
125
+
## Authorization with Policies & Gates
126
+
127
+
Laravel's [authorization system](https://laravel.com/docs/authorization) works naturally inside AJAX handlers. Since handlers are regular controller methods, you can use `$this->authorize()`, the `Gate` facade, or any other authorization approach you'd use in a standard Laravel controller.
128
+
129
+
When authorization fails, the thrown exception is caught by the Larajax exception handler and returned as a clean AJAX error response — no extra configuration needed.
130
+
131
+
### Using Policies
132
+
133
+
Define a policy as you normally would:
134
+
135
+
```php
136
+
// app/Policies/PostPolicy.php
137
+
class PostPolicy
138
+
{
139
+
public function update(User $user, Post $post): bool
140
+
{
141
+
return $user->id === $post->user_id;
142
+
}
143
+
144
+
public function delete(User $user, Post $post): bool
145
+
{
146
+
return $user->id === $post->user_id;
147
+
}
148
+
}
149
+
```
150
+
151
+
Then call `$this->authorize()` inside your handlers:
0 commit comments