# Authorization > Control who can create, edit, delete, and reply to comments. ## Default Policy The built-in `CommentPolicy` provides sensible defaults:

Method	Default	Description
`viewAny()`	`true`	Everyone can view comments
`create()`	`true`	Everyone can create comments
`update()`	Owner only	Only the comment author can edit
`delete()`	Owner only	Only the comment author can delete
`reply()`	Depth check	Can reply if `max_depth` not exceeded

## Custom Policy Create your own policy to customize authorization: ```php namespace App\Policies; use Relaticle\Comments\Models\Comment; use Relaticle\Comments\Contracts\Commentator; class CustomCommentPolicy { public function viewAny(Commentator $user): bool { return true; } public function create(Commentator $user): bool { return true; } public function update(Commentator $user, Comment $comment): bool { return $comment->commenter_id === $user->getKey() && $comment->commenter_type === $user->getMorphClass(); } public function delete(Commentator $user, Comment $comment): bool { return $comment->commenter_id === $user->getKey() || $user->hasRole('admin'); } public function reply(Commentator $user, Comment $comment): bool { return $comment->canReply(); } } ``` Register it in your config: ```php // config/comments.php 'policy' => App\Policies\CustomCommentPolicy::class, ``` ## How Authorization Works The Livewire components check the policy before rendering action buttons. Edit and delete buttons only appear for authorized users. Reply buttons are hidden when the thread has reached the configured `max_depth`. The policy is registered automatically by the service provider using Laravel's Gate system.