Essentials
Authorization
Control who can create, edit, delete, and reply to comments.
Default Policy
The built-in CommentPolicy provides sensible defaults:
| Method | Default | Description |
|---|---|---|
viewAny() | true | Everyone can view comments |
create() | true | Everyone can create comments |
update() | Owner only | Only the comment author can edit |
delete() | Owner only | Only the comment author can delete |
reply() | Depth check | Can reply if max_depth not exceeded |
Custom Policy
Create your own policy to customize authorization:
namespace App\Policies;
use Relaticle\Comments\Models\Comment;
use Relaticle\Comments\Contracts\Commentator;
class CustomCommentPolicy
{
public function viewAny(Commentator $user): bool
{
return true;
}
public function create(Commentator $user): bool
{
return true;
}
public function update(Commentator $user, Comment $comment): bool
{
return $comment->commenter_id === $user->getKey()
&& $comment->commenter_type === $user->getMorphClass();
}
public function delete(Commentator $user, Comment $comment): bool
{
return $comment->commenter_id === $user->getKey()
|| $user->hasRole('admin');
}
public function reply(Commentator $user, Comment $comment): bool
{
return $comment->canReply();
}
}
Register it in your config:
// config/comments.php
'policy' => App\Policies\CustomCommentPolicy::class,
How Authorization Works
The Livewire components check the policy before rendering action buttons. Edit and delete buttons only appear for authorized users. Reply buttons are hidden when the thread has reached the configured max_depth.
The policy is registered automatically by the service provider using Laravel's Gate system.