document gate facade

Author: taylorotwell

Diff for: authorization.md

@@ -18,7 +18,7 @@
     - [Policy Filters](#policy-filters)
 - [Authorizing Actions Using Policies](#authorizing-actions-using-policies)
     - [Via the User Model](#via-the-user-model)
-    - [Via Controller Helpers](#via-controller-helpers)
+    - [Via the Gate Facade](#via-the-gate-facade)
     - [Via Middleware](#via-middleware)
     - [Via Blade Templates](#via-blade-templates)
     - [Supplying Additional Context](#supplying-additional-context)
@@ -564,10 +564,10 @@ Remember, some actions may correspond to policy methods like `create` that do no
         }
     }
 
-<a name="via-controller-helpers"></a>
-### Via Controller Helpers
+<a name="via-the-gate-facade"></a>
+### Via the `Gate` Facade
 
-In addition to helpful methods provided to the `App\Models\User` model, Laravel provides a helpful `authorize` method to any of your controllers which extend the `App\Http\Controllers\Controller` base class.
+In addition to helpful methods provided to the `App\Models\User` model, you can always authorize actions via the `Gate` facade's `authorize` method.
 
 Like the `can` method, this method accepts the name of the action you wish to authorize and the relevant model. If the action is not authorized, the `authorize` method will throw an `Illuminate\Auth\Access\AuthorizationException` exception which the Laravel exception handler will automatically convert to an HTTP response with a 403 status code:
 
@@ -579,6 +579,7 @@ Like the `can` method, this method accepts the name of the action you wish to au
     use App\Models\Post;
     use Illuminate\Http\RedirectResponse;
     use Illuminate\Http\Request;
+    use Illuminate\Support\Facades\Gate;
 
     class PostController extends Controller
     {
@@ -589,7 +590,7 @@ Like the `can` method, this method accepts the name of the action you wish to au
          */
         public function update(Request $request, Post $post): RedirectResponse
         {
-            $this->authorize('update', $post);
+            Gate::authorize('update', $post);
 
             // The current user can update the blog post...
 
@@ -605,6 +606,7 @@ As previously discussed, some policy methods like `create` do not require a mode
     use App\Models\Post;
     use Illuminate\Http\RedirectResponse;
     use Illuminate\Http\Request;
+    use Illuminate\Support\Facades\Gate;
 
     /**
      * Create a new blog post.
@@ -613,61 +615,17 @@ As previously discussed, some policy methods like `create` do not require a mode
      */
     public function create(Request $request): RedirectResponse
     {
-        $this->authorize('create', Post::class);
+        Gate::authorize('create', Post::class);
 
         // The current user can create blog posts...
 
         return redirect('/posts');
     }
 
-<a name="authorizing-resource-controllers"></a>
-#### Authorizing Resource Controllers
-
-If you are utilizing [resource controllers](/docs/{{version}}/controllers#resource-controllers), you may make use of the `authorizeResource` method in your controller's constructor. This method will attach the appropriate `can` middleware definitions to the resource controller's methods.
-
-The `authorizeResource` method accepts the model's class name as its first argument, and the name of the route / request parameter that will contain the model's ID as its second argument. You should ensure your [resource controller](/docs/{{version}}/controllers#resource-controllers) is created using the `--model` flag so that it has the required method signatures and type hints:
-
-    <?php
-
-    namespace App\Http\Controllers;
-
-    use App\Http\Controllers\Controller;
-    use App\Models\Post;
-
-    class PostController extends Controller
-    {
-        /**
-         * Create the controller instance.
-         */
-        public function __construct()
-        {
-            $this->authorizeResource(Post::class, 'post');
-        }
-    }
-
-The following controller methods will be mapped to their corresponding policy method. When requests are routed to the given controller method, the corresponding policy method will automatically be invoked before the controller method is executed:
-
-<div class="overflow-auto">
-
-| Controller Method | Policy Method |
-| --- | --- |
-| index | viewAny |
-| show | view |
-| create | create |
-| store | create |
-| edit | update |
-| update | update |
-| destroy | delete |
-
-</div>
-
-> [!NOTE]  
-> You may use the `make:policy` command with the `--model` option to quickly generate a policy class for a given model: `php artisan make:policy PostPolicy --model=Post`.
-
 <a name="via-middleware"></a>
 ### Via Middleware
 
-Laravel includes a middleware that can authorize actions before the incoming request even reaches your routes or controllers. By default, the `Illuminate\Auth\Middleware\Authorize` middleware is assigned the `can` key in your `App\Http\Kernel` class. Let's explore an example of using the `can` middleware to authorize that a user can update a post:
+Laravel includes a middleware that can authorize actions before the incoming request even reaches your routes or controllers. By default, the `Illuminate\Auth\Middleware\Authorize` middleware is assigned the `can` key in your application's `App\Http\Kernel` class. Let's explore an example of using the `can` middleware to authorize that a user can update a post:
 
     use App\Models\Post;