Policies and Authorization Use Policies for per-model actions; use Gates for cross-cutting checks. Commands Patterns - Use resource policy methods: - Prefer policy methods over inline checks; keeps controllers clean - Register policies in - Use middleware for quick route protection: - In tests, assert for denied cases ---