Laravel's native authorization functionality allows  you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests.

What Laravel doesn't provide out of the box is a middleware to check abilities on the route-level. So I made that middleware myself and released it as a package on GitHub.

Here's a simple example to give you an idea what it can do:

// only users with the viewTopSecretPage-ability be 
// able to see this

Route::get('/top-secret-page', [
   'middleware'=> 'can:viewTopSecretPage',
   'uses' => '[email protected]',

Route groups can be used to apply the middleware to a bunch of routes:

Route::group(['prefix' => 'admin', 'middleware' => 'can:viewAdmin'], function() {

   //all the controllers of your admin section


I've provided a readme with full installation instructions and some examples.

If you like the package, be sure to check out the other Spatie Laravel packages.