Laravel 9 ( Policy is not invoked automatically )

[fabuhelow]

I have a question regarding to use Laravel policy. After registering the policy into AuthServiceProvider, should it called automatically or it should be invoked through middleware, controller?

Example:
I have created a Product model and ProductPolicy classes. then I registered my ProductPolicy into AuthServiceProvider as below.

Product.php:

`class Product extends Model
{
use HasFactory;

protected $table = 'products';

protected $fillable = [
	'name',
	'detail'
];

}`

ProductPolicy.php

`namespace App\Policies;

use App\Models\Product;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Log;

class ProductPolicy
{
use HandlesAuthorization;

/**
 * Determine whether the user can view any models.
 *
 * @param  \App\Models\User  $user
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function viewAny(User $user)
{
    Log::info('User can view products');
    return $user->can('view products');
}

/**
 * Determine whether the user can view the model.
 *
 * @param  \App\Models\User  $user
 * @param  \App\Models\Product  $product
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function view(User $user, Product $product)
{
    Log::info('User can view product');
    return $user->can('view product');
}

/**
 * Determine whether the user can create models.
 *
 * @param  \App\Models\User  $user
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function create(User $user)
{
    Log::info('User can create products');
    return $user->can('create products');
}

/**
 * Determine whether the user can update the model.
 *
 * @param  \App\Models\User  $user
 * @param  \App\Models\Product  $product
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function update(User $user, Product $product)
{
    //
}

/**
 * Determine whether the user can delete the model.
 *
 * @param  \App\Models\User  $user
 * @param  \App\Models\Product  $product
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function delete(User $user, Product $product)
{
    //
}

/**
 * Determine whether the user can restore the model.
 *
 * @param  \App\Models\User  $user
 * @param  \App\Models\Product  $product
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function restore(User $user, Product $product)
{
    //
}

/**
 * Determine whether the user can permanently delete the model.
 *
 * @param  \App\Models\User  $user
 * @param  \App\Models\Product  $product
 * @return \Illuminate\Auth\Access\Response|bool
 */
public function forceDelete(User $user, Product $product)
{
    //
}

}
`

AuthServiceProvider.php

`class AuthServiceProvider extends ServiceProvider
{
/**
* The model to policy mappings for the application.
*
* @var array<class-string, class-string>
*/
protected $policies = [
'App\Model' => 'App\Policies\ModelPolicy',
Product::class=>ProductPolicy::class,
];

/**
 * Register any authentication / authorization services.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

....`

api.php ( Route )

`Route::controller(\App\Http\Controllers\AuthController::class)->group(function(){
Route::post('register', 'register');
Route::post('login', 'login');
});

Route::middleware('auth:api')->group( function () {
Route::resource('products', \App\Http\Controllers\ProductController::class);
});`

ProductController.php
`class ProductController extends BaseController
{
/**
* Display a listing of the resource.
*
* @return \Illuminate\Http\Response
*/

public function index()
{
    $products = Product::all();
    return $this->sendResponse($products, 'Products retrieved successfully.');
}`

Now, when I consumed the below curl request, the ProductPolicy is not invoked. As you can see I use the Laravel Log just to make sure that my policy is invoked.

So, could you please help me to understand when the policy will be invoked? and if there is anyway to invoke it when any model action is happening ( searching, create, update etc .. ).