Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ashokfyn's avatar

How to restrict Super Admin in specific case while using Gate::before globally?

Hi everyone,

In my Laravel app, I’ve used Gate::before() inside PermissionServiceProvider to allow users with the “Super Admin” role to bypass all authorization checks, like this:

Gate::before(function ($user, $ability) { if ($user->hasRole('Super Admin')) { return true; } });

This works well across the app. However, I have one exception: I do not want Super Admins to be allowed to update a ticket if its status is Closed.

I have this logic in my TicketPolicy:

public function update(User $user, Ticket $ticket): Response { if ($ticket->ticket_status_id === TicketStatusEnum::Closed->value) { return Response::deny('This ticket is already resolved and cannot be updated.'); }

return $user->id === $ticket->owner_id
    ? Response::allow()
    : Response::deny('You do not own this ticket.');

}

The issue is: since Gate::before() returns true for Super Admins, this policy never gets called, so they can still update closed tickets — which I want to prevent.

0 likes
2 replies
jlrdw's avatar

Insert an if else in the gate to disallow (false) in that case.

1 like
Snapey's avatar

if its one case for one method, I woukd block it in the controller.

Please or to participate in this conversation.