A middleware to check abilities on the route level

Laravel’s native authorization functionality allows you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within Blade templates and within form requests.

What Laravel doesn’t provide out of the box is a middleware to check abilities on the route-level. So I made that middleware myself and released it as a package on GitHub.

Here’s a simple example to give you an idea of what it can do:

// only users with the viewTopSecretPage ability will be
// able to see this

Route::get('/top-secret-page', [
   'middleware' => 'can:viewTopSecretPage',
   'uses' => '[email protected]',
]);

Route groups can be used to apply the middleware to a bunch of routes:

Route::group(['prefix' => 'admin', 'middleware' => 'can:viewAdmin'], function() {

   // all the controllers of your admin section

});

I’ve provided a readme with full installation instructions and some examples.
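
To show what a route-level check such as can:viewTopSecretPage involves, here is an added sketch that is not the package's own code: it defines the ability and a middleware that refuses the request when the check fails. The class names AbilityServiceProvider and CheckAbility and the is_admin attribute are assumptions made for the illustration.

```php
<?php
// Added illustration, not the package's source. In a real app each namespace
// block lives in its own file, and the middleware is registered under the
// route-middleware alias "can" in the HTTP kernel.

namespace App\Providers {

    use Illuminate\Support\Facades\Gate;
    use Illuminate\Support\ServiceProvider;

    class AbilityServiceProvider extends ServiceProvider // hypothetical name
    {
        public function boot()
        {
            // The ability named after "can:" in the route definition.
            Gate::define('viewTopSecretPage', function ($user) {
                return (bool) $user->is_admin; // assumed attribute on the user model
            });
        }

        public function register()
        {
            // nothing to bind for this example
        }
    }
}

namespace App\Http\Middleware {

    use Closure;
    use Illuminate\Support\Facades\Gate;

    class CheckAbility // hypothetical name
    {
        // $ability receives the text after the colon, e.g. "viewTopSecretPage".
        public function handle($request, Closure $next, $ability)
        {
            // Deny by default: guests and users without the ability get a 403
            // before any controller code runs.
            if ($request->user() === null || Gate::denies($ability)) {
                abort(403);
            }

            return $next($request);
        }
    }
}
```

A check at this level only decides whether the route may be entered; controllers that act on a specific record still need their own per-record authorization.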

If you like the package, be sure to check out the other Spatie Laravel packages.

Freek Van der Herten is a partner and developer at Spatie, an Antwerp-based company that specializes in creating web apps with Laravel. After hours he writes about modern PHP and Laravel on this blog. When not coding he’s probably rehearsing with his kraut rock band. He loves waffles and butterflies.