What are Policies in Laravel?
Why Interviewers Ask This
This tests whether you can apply Laravel knowledge to real-world scenarios. Interviewers are looking for clarity of thought and evidence that you've encountered this in production code.
Answer
Policies are classes that organize authorization logic around a particular model or resource. Generate one with: php artisan make:policy PostPolicy --model=Post. Define an authorization method for each action, for example: public function update(User $user, Post $post): bool { return $user->id === $post->user_id; }. Register the policy in AuthServiceProvider or rely on auto-discovery. Check it in controllers with $this->authorize("update", $post), which throws a 403 if the user is not authorized. In Blade: @can("update", $post) ... @endcan. Via the Gate facade: Gate::allows("update", $post). Policies support the viewAny, view, create, update, delete, restore and forceDelete methods. The before() method runs before any other check and can grant blanket permissions to admins.
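The pieces above put together, as an added example that is not code from the original page. It assumes a standard Laravel app with App\Models\User and App\Models\Post; the is_admin attribute and the title field are hypothetical, and in a real app each class lives in its own file.

```php
<?php
// app/Policies/PostPolicy.php
namespace App\Policies;

use App\Models\Post;
use App\Models\User;

class PostPolicy
{
    // Runs before every other method on this policy.
    // Return true to allow; return null to fall through to the specific
    // method. Returning false here would deny every ability for that user.
    public function before(User $user, string $ability): ?bool
    {
        return $user->is_admin ? true : null; // is_admin: hypothetical attribute
    }

    // Only the owner may update the post.
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }

    // Same ownership rule for deletion.
    public function delete(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }
}

// app/Http/Controllers/PostController.php
namespace App\Http\Controllers;

use App\Models\Post;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;

class PostController extends Controller
{
    use AuthorizesRequests; // provides $this->authorize()

    public function update(Request $request, Post $post)
    {
        // Authorize first, so no write happens for an unauthorized user.
        $this->authorize('update', $post);
        $post->update($request->validate(['title' => 'required|string|max:255']));
        return redirect()->back();
    }
}
```

The policy methods are only consulted where a check is made, so a controller action that never calls authorize() (or an equivalent check) is not protected by the policy.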
Common Mistake
Rushing to answer is a common mistake. Take two seconds to structure your response: definition → example → trade-off. This structure makes complex Laravel answers easy to follow.