Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Can anyone help me with understanding when/how to use each of these?
Middleware is to protect routes e.g. check role of the user is admin or not. Think I'm happy about these.
Guards. Are a means of authenticating users, but when or why would I do this? For e.g. oauth or token based authentication with another service?
Gates/Policies check if a user can do a certain action. To date most user actions are as AJAX requests so I'm already using middleware to protect the post route. And then I have added functions directly on my User model so I can do e.g. if $user->hasCompletedProfile to see if they have permissions. Do policies or gates add any security benefit to this approach or is it more about putting things in the right place?
Hi @geerizzle, this is a good question and I haven't found any good examples or explanations.
@jlrdw, Could you maybe give an example with an explanation of each? I'm using Laratrust to manage my RBAC. I'm also using Laravel Passport to manage token based authentication for my API.
I'm not sure how the different elements (Middleware and guards specifically) interact with one another and how they should be used in the Http/Kernel.php. Help would be very much appreciated.
I'm just coming up against this as well. Specifically I'm implementing GraphQL on Laravel and there's an option to add '// Additional route group attributes' and gives guards as an option. Why would I want to do this over, say, middleware?
Up to this discussion. I'm wondering the same
@ellajhonm Then read the docs instead of bumping a 2-year-old thread.
I would recommend you watch this video: https://www.youtube.com/watch?v=NiQSNjWKLfU
Especially focus on the final thoughts.
Please or to participate in this conversation.