When would you ever need to explicitly bind a model vs utilize Laravel’s implicit binding? A frequently asked question that I frequently find doesn’t have an appropriate, or simple enough, response. Because of that, I don’t see it used as frequently as it should be.

In the previous example, we used the following implicit route-model binding technique.

use App\Models\User;

Route::get('/implicit-binding/{user}', function (User $user) {
    return $user;
});

What if we wanted to only return the user that has been verified. What I normally see is the following code:

use App\Models\User;

Route::get('/implicit-binding/{user}', function (User $user) {
    if ($user->email_verified_at != null) {
        return $user;
    }

    abort(404);
});

Wouldn’t it be nice if we could skip all of that and make our code look neater? We can, through explicit route model binding.

Explicit Route Model Binding

If we know that we’re going to be returning only verified users, we can bind a model to a specific URL parameter. For example,

use App\Models\User;

Route::get('/explicit-binding/{verifiedUser}', function (User $user) {
    return $user;
});

In the code above, each time that we specify verifiedUser in a route, we want to explicitly bind the User model to the $user argument. We could change it to $verifiedUser to keep consistent, but it’s not necessary.

Now what? How does Laravel know that it should return a user only if their email has been verified? With the following code that we’ll create.

Route::bind('verifiedUser', function($value) {
    return User::where('id', $value)
        ->where('email_verified_at', '!=', null)
        ->firstOrFail();
});

We utilize a Route::bind method and specify verifiedUser as the first argument. The value that’s passed through the URL argument (verifiedUser), which will be an ID, is going to get passed as the $value parameter. From there, we can search for a user where the id is equal to the $value and where(‘email_verified_at’, ‘!=’, null).

Where do we place this code? In our route (web.php) file? Nope. This actually goes into the RouteServiceProvider. It’s a convenient name since it has Route in it.

Inside the RouteServiceProvider, we’re going to place that code in the boot method.

<?php

namespace App\Providers;

use App\Models\User;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

class RouteServiceProvider extends ServiceProvider
{
    /**
     * The path to the "home" route for your application.
     *
     * Typically, users are redirected here after authentication.
     *
     * @var string
     */
    public const HOME = '/home';

    /**
     * Define your route model bindings, pattern filters, and other route configuration.
     *
     * @return void
     */
    public function boot()
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            Route::middleware('api')
                ->prefix('api')
                ->group(base_path('routes/api.php'));

            Route::middleware('web')
                ->group(base_path('routes/web.php'));
        });

        Route::bind('verifiedUser', function($value) {
            return User::where('id', $value)
                ->where('email_verified_at', '!=', null)
                ->firstOrFail();
        });
    }

    // ...
}

And that’s it. Refresh your route. If there are any resources that contain an unverified email address, you will receive a 404 error, otherwise you’ll receive the user details.