Writing authorisation logic by hand is tedious and easy to get wrong — especially when policies span multiple roles, ownership rules, and edge cases. Claude can generate the full policy class from a plain-English description of your rules.
Describe your model and who should be allowed to do what:
Generate a Laravel Policy for a Post model. Rules:
- Guests can view published posts only
- Authors can create, update, and delete their own posts
- Editors can update any post but not delete
- Admins can do everything
Claude will generate a complete policy class with all the right method signatures, ownership checks, and return types:
public function update(User $user, Post $post): bool
{
return $user->isAdmin()
|| $user->isEditor()
|| $user->id === $post->user_id;
}
It will also write the registration call for AuthServiceProvider and remind you to attach the policy to the model with @can directives or $this->authorize() in your controllers.
For simpler one-off checks, ask Claude to write Gates instead:
Add a Gate that prevents users from posting
if their account is less than 7 days old.
You can go further and ask Claude to generate Pest or PHPUnit tests that cover every policy method, so you have full coverage on your authorisation layer from day one.
Authorisation bugs are security bugs — get Claude to write and test your policies before they ship.
Log in to leave a comment.
Set up Claude Code as an automated reviewer in your CI pipeline — on every pull request, it reads the diff, checks for bugs, security issues, missing tests, and convention violations, then posts its findings as a PR comment. Your human reviewers get a head start because the obvious issues are already flagged before they look.
Before deploying, tell Claude to read your project — migrations, environment variables, queue workers, scheduled tasks, caching, third-party integrations — and generate a deployment checklist that's specific to your app. Not a generic "did you run migrations?" list, but one that knows YOUR infrastructure and catches the things YOUR deploy can break.
Instead of writing a README from memory or copying a template, tell Claude to read your project and generate one that's actually accurate — real setup instructions from your config, real architecture from your directory structure, real API examples from your routes, and real prerequisites from your dependency files.