relaticle-comments/docs/content/2.essentials/2.authorization.md
manukminasyan a4d4418963 docs: update all documentation for refactored naming conventions
- CanComment trait replaces IsCommenter
- Commentator interface replaces Commenter
- Models moved to Models\ namespace (Comment, Reaction, Attachment, Subscription)
- commenter_type/commenter_id columns replace user_type/user_id
- CommentsConfig replaces Config class
- table_names config key replaces tables
- getCommentDisplayName() replaces getCommentName()
2026-03-27 15:01:50 +04:00


title: Authorization
description: Control who can create, edit, delete, and reply to comments.
navigation:
  icon: i-lucide-shield
seo:
  description: Configure comment authorization policies.

Default Policy

The built-in CommentPolicy provides sensible defaults:

| Method | Default | Description |
|--------|---------|-------------|
| viewAny() | true | Everyone can view comments |
| create() | true | Everyone can create comments |
| update() | Owner only | Only the comment author can edit |
| delete() | Owner only | Only the comment author can delete |
| reply() | Depth check | Can reply if max_depth not exceeded |

Custom Policy

Create your own policy to customize authorization:

<?php

namespace App\Policies;

use Relaticle\Comments\Models\Comment;
use Relaticle\Comments\Contracts\Commentator;

class CustomCommentPolicy
{
    public function viewAny(Commentator $user): bool
    {
        return true;
    }

    public function create(Commentator $user): bool
    {
        return true;
    }

    public function update(Commentator $user, Comment $comment): bool
    {
        return $comment->commenter_id === $user->getKey()
            && $comment->commenter_type === $user->getMorphClass();
    }

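    public function delete(Commentator $user, Comment $comment): bool
    {
        // Match the morph type as well as the key, as update() does: with
        // polymorphic commenters an id alone can collide across model types.
        // hasRole() is assumed to exist on your commentator model.
        return ($comment->commenter_id === $user->getKey()
                && $comment->commenter_type === $user->getMorphClass())
            || $user->hasRole('admin');
    }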

    public function reply(Commentator $user, Comment $comment): bool
    {
        return $comment->canReply();
    }
}

Register it in your config:

// config/comments.php
'policy' => App\Policies\CustomCommentPolicy::class,
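
Why update() compares commenter_type as well as commenter_id, shown as an added example that is not the package's own code. The stand-in classes, the helper function names and the second commentator type App\Models\Customer are assumptions made for illustration, and the sample data is constructed.

```php
<?php
// Added example: stand-in classes, not the package's Comment or Commentator.
declare(strict_types=1);

final class StubCommentator
{
    public function __construct(private int $id, private string $morphClass) {}
    public function getKey(): int { return $this->id; }
    public function getMorphClass(): string { return $this->morphClass; }
}

final class StubComment
{
    public function __construct(public int $commenter_id, public string $commenter_type) {}
}

// Ownership by key only: ambiguous once more than one model type can comment.
function ownsByIdOnly(StubCommentator $user, StubComment $comment): bool
{
    return $comment->commenter_id === $user->getKey();
}

// Ownership by key and morph type, the comparison update() performs.
function ownsByIdAndType(StubCommentator $user, StubComment $comment): bool
{
    return $comment->commenter_id === $user->getKey()
        && $comment->commenter_type === $user->getMorphClass();
}

// Constructed sample data: two commentator types whose primary keys collide.
$author   = new StubCommentator(7, 'App\\Models\\User');
$stranger = new StubCommentator(7, 'App\\Models\\Customer'); // hypothetical second type
$comment  = new StubComment(7, 'App\\Models\\User');

foreach (['author' => $author, 'stranger' => $stranger] as $label => $who) {
    printf(
        "%-8s id-only=%s id+type=%s\n",
        $label,
        var_export(ownsByIdOnly($who, $comment), true),
        var_export(ownsByIdAndType($who, $comment), true)
    );
}
```

The key-only check treats both commentators as the owner, while the key-and-type check accepts only the author.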

How Authorization Works

The Livewire components check the policy before rendering action buttons. Edit and delete buttons only appear for authorized users. Reply buttons are hidden when the thread has reached the configured max_depth.

The policy is registered automatically by the service provider using Laravel's Gate system.