Authorization with Policies: Who Can Do What

Authorization ensures users only access what they are allowed to. ## Create policy ```bash php artisan make:policy PostPolicy --model=Post ``` ## Example rule ```php public function update(User $user, Post $post): bool { return $user->id === $post->user_id; } ``` ## Use in controller ```php $this->authorize('update', $post); ``` ## Flow ```mermaid flowchart TD A[Request] --> B[Controller] B --> C[Policy] C -->|Allow| D[Continue] C -->|Deny| E[403] ``` Policies protect your business rules. In the next tutorial, we will build JSON APIs using Laravel.