Authorization policies for resource access control. Use when working with authorization, permissions, access control, or when user mentions policies, authorization, permissions, can, ability checks.
/plugin marketplace add leeovery/claude-laravel/plugin install leeovery-claude-laravel@leeovery/claude-laravelThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Policies encapsulate authorization logic and delegate to permission systems.
Related guides:
<?php
declare(strict_types=1);
namespace App\Policies;
use App\Enums\Permission;
use App\Models\Order;
use App\Models\User;
class OrderPolicy
{
public function viewAny(User $user): bool
{
return $user->can(Permission::ListOrders);
}
public function view(User $user, Order $order): bool
{
return $user->can(Permission::ViewOrders)
&& $order->customer_id === $user->customer_id;
}
public function create(User $user): bool
{
return $user->can(Permission::CreateOrders);
}
public function update(User $user, Order $order): bool
{
return $user->can(Permission::UpdateOrders)
&& $order->canBeModified()
&& $order->customer_id === $user->customer_id;
}
public function delete(User $user, Order $order): bool
{
return $user->can(Permission::DeleteOrders)
&& $order->isPending();
}
public function cancel(User $user, Order $order): bool
{
return $this->update($user, $order)
&& $order->canBeCancelled();
}
}
<?php
declare(strict_types=1);
namespace App\Enums;
use Henzeb\Enumhancer\Concerns\Comparison;
use Henzeb\Enumhancer\Concerns\Dropdown;
enum Permission: string
{
use Comparison, Dropdown;
case ListOrders = 'list orders';
case ViewOrders = 'view orders';
case CreateOrders = 'create orders';
case UpdateOrders = 'update orders';
case DeleteOrders = 'delete orders';
case CancelOrders = 'cancel orders';
}
Laravel conventions for policy methods:
viewAny() - List/indexview() - Show single resourcecreate() - Create new resourceupdate() - Update resourcedelete() - Delete resourcerestore() - Restore soft-deletedforceDelete() - Permanently deleteCustom methods for non-standard actions:
cancel()approve()ship()return $user->can(Permission::CreateOrders);
return $user->can(Permission::ViewOrders)
&& $order->customer_id === $user->customer_id;
return $user->can(Permission::DeleteOrders)
&& $order->isPending();
public function cancel(User $user, Order $order): bool
{
return $this->update($user, $order)
&& $order->canBeCancelled();
}
Route::get('/orders', [OrderController::class, 'index'])
->can('viewAny', Order::class);
Route::get('/orders/{order}', [OrderController::class, 'show'])
->can('view', 'order');
Route::post('/orders', [OrderController::class, 'store'])
->can('create', Order::class);
See routing-permissions.md for route authorization.
Policies should:
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.