PHPackages aammui/role-permission - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. aammui/role-permission ActiveLibrary[Authentication & Authorization](/categories/authentication) aammui/role-permission ====================== Role permission system for laravel 3.1.3(2y ago)3529[1 issues](https://github.com/bedus-creation/role-permission/issues)MITPHPPHP ^7.4|^8.0 Since Aug 3Pushed 2y ago2 watchersCompare [ Source](https://github.com/bedus-creation/role-permission)[ Packagist](https://packagist.org/packages/aammui/role-permission)[ RSS](/packages/aammui-role-permission/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (7)Dependencies (6)Versions (17)Used By (0) Introduction and Core Concepts ------------------------------ [](#introduction-and-core-concepts) ### Content [](#content) 1. [Introduction](https://github.com/bedus-creation/role-permission#introduction) 2. [Installation](https://github.com/bedus-creation/role-permission#installation) Introduction ------------ [](#introduction) ### Role [](#role) Role can be used to define a group of permission. If a user has a editor role, he/she can edit, delete, publish articles. I prefer to use role in most of the cases to allow a group of action. ``` $user->addRole('admin'); ``` - Roles are **case insensetive**. `$user->addRole('admin');` and `$user->addRole('Admin');` has same meaning. - Roles not need to create explicitly. `$user->addRole('admin');` This function creats a new role **admin** if the given role is not created yet in the database, and then the given role is assign to the given user. #### To add permission to role [](#to-add-permission-to-role) ``` $role->addPermission('read article'); // or $role->addPermission(['read article','update article']); ``` To attach a CRUD of permission to Role. ``` $role->addResourcePermission('article'); ``` It will add create article, read article, update article, delete article permission to the given role. ### Permission [](#permission) Permission can be used to **deny** a particular action. I assume in most of the cases the actions are associated with roles. So, if read, write, delete article action is associated with a Editor role, then you can deny Editor to delete article by: ``` $user->removePermission('delete article'); ``` ### Middleware [](#middleware) Use either permission or role as a middleware to protect the resources. Use `|` to use multiple role or permission in a middleware. If both role and permission middleware are defined both middleware should passed to access the resources. Here, you can deny to publish a article even he has got a editor role. ##### Add middlewire in the route middlewire section. `App\Http\Kernel.php` [](#add-middlewire-in-the-route-middlewire-section-apphttpkernelphp) ``` protected $routeMiddleware = [ 'role' => \Aammui\RolePermission\Middleware\Role::class, ] ``` ##### Use Middlewire in anywhere [](#use-middlewire-in-anywhere) ``` Route::group(['middleware' => ['role:system admin|database admin','permission:read article']], function () { // }); ``` above can interpret as user should have sytem admin or database admin role **and** read article permission **is not** denied. Installation ------------ [](#installation) ``` composer require aammui/role-permission ``` ##### Laravel Compatibility [](#laravel-compatibility) Laravel VersionRole Permission VersionInstallation9.x3.0.0`composer require aammui/role-permission:3.0.0`8.x2.0.0`composer require aammui/role-permission:2.0.0`7.x1.0.0`composer require aammui/role-permission:1.0.0`6.x, 5.x0.7`composer require aammui/role-permission:0.7`#### Publish the assests and run migrations [](#publish-the-assests-and-run-migrations) ``` php artisan vendor:publish --provider="Aammui\RolePermission\RolePermissionServiceProvider" php artisan migrate ``` Uses ---- [](#uses) Use a trait `HasRole` to your user model. ``` use Aammui\RolePermission\Traits\HasRole; class User extends Authenticatable { use Notifiable, HasRole; } ``` and then following api are available to you. - `public function addRole($role): void ` This **sync** the roles, if a user has admin role and then you send only editor, it will remove admin role and then user will only have editor role. Send all roles to update the roles. - `public function getRoles(): array` It returns roles in array. - `public function hasGotRole(array $roles): bool` Exception --------- [](#exception) It throws following exception as below. ExceptionRemarks`Aammui\RolePermission\Exception\UserNotLoginException`User is not logged in yet.`Aammui\RolePermission\Exception\RoleDoesNotExistException`A function or route is protected by a role, and logged in user doesn't have that role yet.#### UseCase: Exception uses for user redirection. [](#usecase-exception-uses-for-user-redirection) Suppose we want to redirect not logged in user to login page, which can be done using handling exception in `app\Exceptions\Handler.php` class. The purpose of this exception make available is to support full customization. For example you may want to redirect to login page for that user whom don't have right role, or you simply only want to show 403 page. ``` // App\Exceptions\Handler.php; use Aammui\RolePermission\Exception\UserNotLoginException; use Aammui\RolePermission\Exception\RoleDoesNotExistException; .... public function render($request, Throwable $exception) { if ($exception instanceof UserNotLoginException) { return redirect('/login') ->with('error', $exception->getMessage()); } if ($exception instanceof RoleDoesNotExistException) { return redirect('/login') ->with('error', $exception->getMessage()); } return parent::render($request, $exception); } ``` ### Health Score 31 — LowBetter than 68% of packages Maintenance13 Infrequent updates — may be unmaintained Popularity19 Limited adoption so far Community10 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor1 Top contributor holds 94.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~160 days Recently: every ~166 days Total 9 Last Release 820d ago Major Versions 0.7 → V1.0.02020-09-01 v1.1.0 → v2.0.02021-05-16 v2.0.0 → v3.0.02022-04-17 PHP version history (2 changes)0.7PHP ^7.2 v2.0.0PHP ^7.4|^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/cf8c945207e550cfcd88c4de4bb813229578072eb2bdf5a96238efe6ce3ae0c8?d=identicon)[bedus\_creation](/maintainers/bedus_creation) --- Top Contributors [![bedus-creation](https://avatars.githubusercontent.com/u/25701752?v=4)](https://github.com/bedus-creation "bedus-creation (35 commits)")[![jobins-bedram](https://avatars.githubusercontent.com/u/221937772?v=4)](https://github.com/jobins-bedram "jobins-bedram (2 commits)") ### Code Quality TestsPHPUnit Static AnalysisPsalm Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/aammui-role-permission/health.svg) ``` [![Health](https://phpackages.com/badges/aammui-role-permission/health.svg)](https://phpackages.com/packages/aammui-role-permission) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M344](/packages/tymon-jwt-auth)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2011.0k](/packages/alajusticia-laravel-logins)[wnikk/laravel-access-rules Simple system of ACR (access control rules) for Laravel, with roles, groups, unlimited inheritance and possibility of multiplayer use. 103.6k1](/packages/wnikk-laravel-access-rules) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)