How to check if user has permission to access this function in Laravel

Stefan Izdrail

Founder & Senior Architect · 2026-06-29

Laravel Company
Efficient Permission Checking in Laravel: A Comprehensive Approach for Better Code Organization

In a Laravel application, you might have many functions requiring different permissions to be accessed and executed properly. Manually checking user permissions with if statements in each function can lead to redundancy and make the code messy. To solve this issue, we'll examine how to use helper functions combined with middleware and the Gate facade for a more efficient approach.

1. Create a Gate class that defines all your required permissions:
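class PermissionGates {
    // Declared static because the middleware and gate call it as PermissionGates::hasPermissionToShowAllUsers()
    public static function hasPermissionToShowAllUsers() {
        return true; // This is just an example that allows everyone, replace it with your actual logic
    }
}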
2. Add a custom middleware to check permissions:
Route::middleware('auth')->group(function () {
    Route::resource('users', 'UsersController');
});

// 'permission_check' must be registered as a middleware alias for PermissionCheckMiddleware
Route::middleware(['permission_check'])->group(function () {
    // Your protected routes will go here
});

// Create a custom middleware class for permissions (in its own file, with "use Closure;" at the top)
class PermissionCheckMiddleware
{
    public function handle($request, Closure $next) {
        if (!PermissionGates::hasPermissionToShowAllUsers()) {
            // Redirect to an unauthorized page or return a custom error response
            return redirect()->route('unauthorized');
        }
        return $next($request);
    }
}
Now, whenever a request reaches one of the protected routes, the middleware checks whether the user has permission before allowing it to proceed. This way, you can keep your controllers and functions clean without checking permissions in each function.

However, there's always room for optimization. Laravel comes with a powerful feature known as the Gate facade that allows you to define access rules in a single place:

1. Define your custom gate with the Gate facade:
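// The gate is named after the ability that the controller checks with Gate::allows('deleteUser').
// Laravel passes the authenticated user as the first argument; the ability name is not passed in.
Gate::define('deleteUser', function ($user) {
    // Deny unless the general permission check passes
    if (!PermissionGates::hasPermissionToShowAllUsers()) {
        return false;
    }
    // Perform custom logic for this permission:
    // only administrators may delete users, everyone else is denied
    return $user->isAdmin();
});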
Now, you can easily check for permissions in your controllers or functions using the Gate facade:
public function delete($id) {
    if (Gate::allows('deleteUser')) { // Check if user has permission to delete a user
        User::findOrFail($id)->delete();
        return redirect()->route('users.index')->withSuccess(__('Deleted successfully'));
    } else {
        return redirect()->back()->withErrors(['error' => 'You don\'t have permission to perform this action']);
    }
}
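As an added example (not code from the original article), the same `deleteUser` check can be enforced at the route with Laravel's built-in `can` middleware, so a denied request ends in a 403 response before the handler runs. The `App\Models\User` namespace, the closure route and the "admins cannot delete their own account" rule are assumptions made for illustration; this variant of the gate also receives the target user.

```php
<?php
// Added example. Assumes the User model exposes isAdmin() as in the article.
// The gate belongs in a service provider's boot() method and the route in
// routes/web.php; they are shown together here to keep the example short.

use App\Models\User; // assumed namespace of the User model
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;

// Deny by default: the closure returns true only when every condition holds.
// Laravel denies the check outright when nobody is logged in, so $user is
// always an authenticated user here.
Gate::define('deleteUser', function (User $user, User $target) {
    // Assumed rule: an admin may delete other accounts but not their own
    return $user->isAdmin() && !$user->is($target);
});

Route::middleware('auth')->group(function () {
    // 'can:deleteUser,user' evaluates the gate before the handler runs and
    // passes the route-bound {user} model to it as $target.
    Route::delete('users/{user}', function (User $user) {
        // Second check inside the handler, so the action stays protected
        // even if the route middleware is dropped in a later refactor.
        Gate::authorize('deleteUser', $user);

        $user->delete();

        return redirect()
            ->route('users.index')
            ->with('success', __('Deleted successfully'));
    })->middleware('can:deleteUser,user');
});
```

Both `can` and `Gate::authorize()` stop a denied request with an authorization exception that Laravel renders as HTTP 403, so the handler never has to build its own error redirect.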
The above approach is more organized, efficient, and reusable across your application. You can create more custom gates for different permissions and ensure that users only access the functions within their permission scope.

In conclusion, using a combination of middleware, the Gate facade, and well-structured code can significantly improve the efficiency of handling user permissions throughout your Laravel application. By doing so, you maintain a cleaner codebase and better organize your permissions logic, resulting in a more streamlined development process.