PHPackages                             andrewdyer/gate - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. andrewdyer/gate

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

andrewdyer/gate
===============

Check if a user is authorized to perform a given action

1.0.1(1y ago)019MITPHPPHP ^7.2.5CI passing

Since Feb 22Pushed 2w ago1 watchersCompare

[ Source](https://github.com/andrewdyer/gate)[ Packagist](https://packagist.org/packages/andrewdyer/gate)[ RSS](/packages/andrewdyer-gate/feed)WikiDiscussions main Synced 2mo ago

READMEChangelog (9)Dependencies (3)Versions (4)Used By (0)

Auth Gate
=========

[](#auth-gate)

A framework-agnostic library for defining abilities and enforcing authorisation checks against an authenticated user.

[![Latest Stable Version](https://camo.githubusercontent.com/31416a5453637e62d5c16d4d5b79cefd771512b465d1dd82b113c57f925f79ef/687474703a2f2f706f7365722e707567782e6f72672f616e64726577647965722f617574682d676174652f763f7374796c653d666c61742d737175617265)](https://packagist.org/packages/andrewdyer/auth-gate)[![Total Downloads](https://camo.githubusercontent.com/33d2423fbec334ad2c52f1a824930ac087e08eb45fc378600d2d1391b7c71f94/687474703a2f2f706f7365722e707567782e6f72672f616e64726577647965722f617574682d676174652f646f776e6c6f6164733f7374796c653d666c61742d737175617265)](https://packagist.org/packages/andrewdyer/auth-gate)[![License](https://camo.githubusercontent.com/eb9832b12909d0d2492505e5ef185b7b106492c7f08b28bb1356d05a33622c64/687474703a2f2f706f7365722e707567782e6f72672f616e64726577647965722f617574682d676174652f6c6963656e73653f7374796c653d666c61742d737175617265)](https://packagist.org/packages/andrewdyer/auth-gate)[![PHP Version Require](https://camo.githubusercontent.com/6dece54a75b5f81d6715120318da68e222140b16994a21122990b443af7500eb/687474703a2f2f706f7365722e707567782e6f72672f616e64726577647965722f617574682d676174652f726571756972652f7068703f7374796c653d666c61742d737175617265)](https://packagist.org/packages/andrewdyer/auth-gate)

Introduction
------------

[](#introduction)

This library lets you register named ability callbacks and evaluate them against the authenticated user who is performing the action. It supports global before callbacks for overrides, checks for single or multiple abilities, and an explicit authorisation flow that throws an unauthorised exception when checks fail. Undefined abilities and invalid before callback return values are also surfaced through typed exceptions.

Prerequisites
-------------

[](#prerequisites)

- **[PHP](https://www.php.net/)**: Version 8.3 or higher is required.
- **[Composer](https://getcomposer.org/)**: Dependency management tool for PHP.

Installation
------------

[](#installation)

```
composer require andrewdyer/auth-gate
```

Getting Started
---------------

[](#getting-started)

### 1. Implement the actor

[](#1-implement-the-actor)

Any class that represents an authenticated actor must implement the `Authenticatable` interface. This is the object that will be evaluated against your defined abilities.

```
use AndrewDyer\Gate\Contracts\Authenticatable;

class User implements Authenticatable
{
    public function __construct(
        public readonly int $id,
        public readonly bool $admin = false,
    ) {}

    public function isAdmin(): bool
    {
        return $this->admin;
    }
}
```

### 2. Create a Gate instance

[](#2-create-a-gate-instance)

Instantiate the `Gate` with the authenticated actor. This instance will be used to define and evaluate abilities.

```
use AndrewDyer\Gate\Gate;

$actor = new User(id: 1);

$gate = new Gate($actor);
```

Usage
-----

[](#usage)

The following examples demonstrate the available gate operations using the setup above.

### Defining Abilities

[](#defining-abilities)

Abilities are registered via the `define` method, which accepts an ability name and a callback that returns a boolean.

```
$gate->define('edit-post', function ($actor, $post) {
    return $actor->id === $post->authorId;
});
```

### Checking Abilities

[](#checking-abilities)

Use `allows` and `denies` to evaluate a single ability, or `all` and `any` for multiple abilities.

```
$gate->allows('edit-post', $post); // true or false
$gate->denies('edit-post', $post); // true or false

$gate->all(['edit-post', 'delete-post'], $post);  // true if all pass
$gate->any(['edit-post', 'view-post'], $post);    // true if any pass
```

### Authorising Actions

[](#authorising-actions)

`authorize` throws an `UnauthorizedException` if the actor lacks any of the given abilities.

```
use AndrewDyer\Gate\UnauthorizedException;

try {
    $gate->authorize(['edit-post'], $post);
} catch (UnauthorizedException $e) {
    // Actor is not authorised
}
```

### Registering Before Callbacks

[](#registering-before-callbacks)

Before callbacks run prior to all ability checks. Returning `true` or `false` short-circuits the evaluation; returning `null` (or nothing) defers to the defined ability.

```
$gate->before(function ($actor, $ability) {
    if ($actor->isAdmin()) {
        return true;
    }
});
```

License
-------

[](#license)

Licensed under the [MIT license](https://opensource.org/licenses/MIT) and is free for private or commercial projects.

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance71

Regular maintenance activity

Popularity6

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1766 days

Total

2

Last Release

558d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/666597ea6e46748a89fe8764d1a45b4d0da97daf1bb1e9770ea34ae41f706d08?d=identicon)[andrewdyer](/maintainers/andrewdyer)

---

Top Contributors

[![andrewdyer](https://avatars.githubusercontent.com/u/8114523?v=4)](https://github.com/andrewdyer "andrewdyer (24 commits)")

---

Tags

abilitiesaccess-controlauthorizationframework-agnosticgatephpphpauthorizationpermissionsgate

###  Code Quality

TestsPHPUnit

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/andrewdyer-gate/health.svg)

```
[![Health](https://phpackages.com/badges/andrewdyer-gate/health.svg)](https://phpackages.com/packages/andrewdyer-gate)
```

###  Alternatives

[santigarcor/laratrust

This package provides a flexible way to add Role-based Permissions to Laravel

2.3k5.8M47](/packages/santigarcor-laratrust)[shanmuga/laravel-entrust

This package provides a flexible solution to add ACL to Laravel

69337.5k2](/packages/shanmuga-laravel-entrust)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6783.6k6](/packages/hasinhayder-tyro)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
