Enhancing Laravel Authorization with Backed Enums

Last updated on March 15th, 2025 by Harris Raftopoulos

Laravel now offers direct support for backed enums in authorization, eliminating the need to reference the enum's value property. This streamlined approach makes permission checks more intuitive and maintainable.

The implementation is straightforward:

enum ReportPermission: string
{
    case VIEW = 'reports.view';
    case EXPORT = 'reports.export';
    case MANAGE = 'reports.manage';
}
 
public function showReport(): View
{
    $this->authorize(ReportPermission::VIEW);
 
    return view('reports.show');
}

This pattern works elegantly across complex authorization systems:

enum ContentPermission: string
{
    case LIST_ARTICLES = 'content.articles.list';
    case VIEW_ARTICLE = 'content.articles.view';
    case CREATE_ARTICLE = 'content.articles.create';
    case MODIFY_ARTICLE = 'content.articles.update';
    case REMOVE_ARTICLE = 'content.articles.delete';
}
 
class ArticleController extends Controller
{
    public function index()
    {
        $this->authorize(ContentPermission::LIST_ARTICLES);
 
        return Inertia::render('Articles/Index', [
            'articles' => Article::with('author')
                ->latest()
                ->paginate(15)
        ]);
    }
 
    public function store(ArticleRequest $request)
    {
        $this->authorize(ContentPermission::CREATE_ARTICLE);
 
        $article = Article::create(array_merge(
            $request->validated(),
            ['author_id' => auth()->id()]
        ));
 
        return redirect()
            ->route('articles.edit', $article)
            ->with('status', 'Article created successfully');
    }
 
    public function update(ArticleRequest $request, Article $article)
    {
        $this->authorize(ContentPermission::MODIFY_ARTICLE);
 
        $article->update($request->validated());
 
        event(new ArticleUpdated($article));
 
        return back()->with('status', 'Article updated');
    }
}