From superpowers-laravel
Enforces Laravel access via Policies and Gates; standardizes controller protections using authorize() and authorizeResource(). Useful for model authorization and route guards.
npx claudepluginhub jpcaparas/superpowers-laravel --plugin superpowers-laravelThis skill uses the workspace's default tool permissions.
Use Policies for per-model actions; use Gates for cross-cutting checks.
Provides Laravel authorization patterns using Gates, Policies, middleware, and Response objects for ability checks and model access control.
Implements and tests authorization in Rails apps using Pundit or CanCanCan: policy objects, role-based access control, permission checks, and testing strategies.
Creates ActionPolicy authorization in Rails: policy classes, controller integration with authorize!, scopes, caching, I18n, tests, GraphQL/ActionCable support. Proactive alternative to Pundit.
Share bugs, ideas, or general feedback.
Use Policies for per-model actions; use Gates for cross-cutting checks.
# Generate a policy
sail artisan make:policy PostPolicy --model=Post # or: php artisan make:policy PostPolicy --model=Post
# Apply in routes (resource controllers)
Route::resource('posts', PostController::class);
// In controller constructor
$this->authorizeResource(Post::class, 'post');
# One-off checks
$this->authorize('update', $post); // in controller
Gate::allows('manage-billing', $user); // ad-hoc gate
viewAny, view, create, update, delete, restore, forceDeleteAuthServiceProvidercan middleware for quick route protection: ->middleware('can:update,post')actingAs($user)->get(...)->assertForbidden() for denied cases