PHPackages                             abdulbaset/laravel-accessify - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. abdulbaset/laravel-accessify

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

abdulbaset/laravel-accessify
============================

A Laravel package for managing roles and permissions

v1.0.1(7mo ago)317MITPHPPHP ^8.1

Since Dec 3Pushed 7mo agoCompare

[ Source](https://github.com/AbdulbasetRS/Laravel-Accessify)[ Packagist](https://packagist.org/packages/abdulbaset/laravel-accessify)[ RSS](/packages/abdulbaset-laravel-accessify/feed)WikiDiscussions main Synced today

READMEChangelog (1)Dependencies (3)Versions (3)Used By (0)

Laravel Accessify
=================

[](#laravel-accessify)

 [![Laravel Accessify](docs/thumbnail.png)](docs/thumbnail.png)

A simple and flexible package for handling roles and permissions in Laravel applications.

Why Accessify?
--------------

[](#why-accessify)

### The Name

[](#the-name)

The name **Accessify** is derived from the word "Access", which reflects the core concept of the package — controlling access to system resources through roles and permissions. The suffix "-ify" gives the name a modern and dynamic feel, indicating that the package helps you apply access control rules in a flexible and efficient way.

### The Concept

[](#the-concept)

Just like a security guard who determines who can enter a building and what areas they can access, Accessify helps you manage who can do what in your Laravel application — using a simple and expressive Role-Based Access Control (RBAC) system.

In short: **Accessify = "Control access with simplicity and power"**.

### Why Choose Accessify?

[](#why-choose-accessify)

- **Simplicity**: Easy to set up and use with minimal configuration
- **Flexibility**: Adapts to your application's needs with customizable roles and permissions
- **Performance**: Lightweight and optimized for speed
- **Laravel Integration**: Built specifically for Laravel with best practices in mind
- **Active Maintenance**: Regularly updated and maintained

Requirements
------------

[](#requirements)

- PHP 8.1 or higher
- Laravel 10.x, 11.x, or 12.x

Features
--------

[](#features)

- Role-based access control (RBAC)
- Permission management
- Blade directives for easy role and permission checks in views
- Artisan commands for managing roles and permissions
- Support for multiple roles per user
- Lightweight and easy to integrate

Installation
------------

[](#installation)

1. Install the package via Composer:

```
composer require abdulbaset/laravel-accessify
```

2. Publish the configuration file (optional):

```
php artisan vendor:publish --provider="Abdulbaset\Accessify\AccessifyServiceProvider" --tag="accessify-config"
```

3. Run the migrations:

```
php artisan migrate
```

> **Note:** The migrations will run automatically from the package. If you need to modify them, you can publish them using:
>
> ```
> php artisan vendor:publish --provider="Abdulbaset\Accessify\AccessifyServiceProvider" --tag="accessify-migrations"
> ```

Configuration
-------------

[](#configuration)

You can customize the package by publishing the configuration file:

```
php artisan vendor:publish --provider="Abdulbaset\Accessify\AccessifyServiceProvider" --tag="accessify-config"
```

Artisan Commands
----------------

[](#artisan-commands)

### 1. Managing Roles

[](#1-managing-roles)

#### Seed Roles (Safe ✅)

[](#seed-roles-safe-)

```
php artisan accessify:roles:seed
```

This command will **safely seed** roles from your config file. It will:

- Create any new roles from your config file
- Create missing permissions for roles
- Add missing permissions to roles
- **Never delete** any roles, even if they're not in your config file

#### Sync Roles (Dangerous ⚠️)

[](#sync-roles-dangerous-️)

```
php artisan accessify:roles:sync
```

This command will **synchronize** roles between your config file and database. It will:

- **Delete** any roles not in your config file
- Create all roles from your config file
- Create missing permissions for roles
- Add missing permissions to roles

### 2. Managing Permissions

[](#2-managing-permissions)

#### Seed Permissions (Safe ✅)

[](#seed-permissions-safe-)

```
php artisan accessify:permissions:seed
```

This command will **safely seed** permissions from your config file. It will:

- Create any new permissions from your config file
- **Never delete** any permissions, even if they're not in your config file

#### Sync Permissions (Dangerous ⚠️)

[](#sync-permissions-dangerous-️)

```
php artisan accessify:permissions:sync
```

This command will **synchronize** permissions between your config file and database. It will:

- **Delete** any permissions not in your config file
- Create all permissions from your config file

### When to Use Each Command

[](#when-to-use-each-command)

CommandSafe?Best For`accessify:roles:seed`✅ SafeInitial setup or adding new roles without affecting existing ones`accessify:roles:sync`⚠️ DangerousCleaning up old roles and ensuring database matches config exactly`accessify:permissions:seed`✅ SafeAdding new permissions without affecting existing ones`accessify:permissions:sync`⚠️ DangerousCleaning up old permissions and ensuring database matches config exactly### Recommended Workflow

[](#recommended-workflow)

1. Use the safe `accessify:roles:seed` and `accessify:permissions:seed` for normal development
2. Only use `accessify:roles:sync` and `accessify:permissions:sync` when you need to clean up old data
3. Always backup your database before running sync commands
4. In production, consider running sync commands in a controlled manner after thorough testing

Usage
-----

[](#usage)

### Add HasRoles Trait to User Model

[](#add-hasroles-trait-to-user-model)

Add the `HasRoles` trait to your User model:

```
use Abdulbaset\Accessify\Traits\HasRoles;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use HasRoles;

    // ...
}
```

> **Important:** Each user can have only one role. The system enforces this constraint at the database level.

### Built-in Middleware

[](#built-in-middleware)

This package includes three middleware classes that are automatically registered with the service provider. These provide out-of-the-box protection for your routes.

#### Available Middleware

[](#available-middleware)

1. **Role Middleware** - Restrict access to users with a specific role
2. **Permission Middleware** - Restrict access to users with a specific permission
3. **Role or Permission Middleware** - Restrict access to users with either a specific role or permission

#### Usage in Routes

[](#usage-in-routes)

Use the built-in middleware directly in your route definitions like this:

```
// Using role middleware
Route::get('/admin', function () {
    // Users with either 'admin' or 'super-admin' role can access this route
})->middleware('role:admin|super-admin');

Route::get('/posts', function () {
    // Users with either 'view-posts' or 'manage-posts' permission can access this route
})->middleware('permission:view-posts|manage-posts');

Route::get('/dashboard', function () {
    // Users with either 'admin' role or 'view-dashboard' permission can access this route
})->middleware('role_or_permission:admin|view-dashboard');
```

#### Usage in Controllers

[](#usage-in-controllers)

You can also apply middleware in your controller's constructor:

1. Laravel 10.x ([Source: Laravel 10.x Documentation](https://laravel.com/docs/10.x/controllers#controller-middleware))

```
class YourController extends Controller
{
    public function __construct()
    {
        // Authentication middleware
        $this->middleware('auth');

        // Role middleware with specific methods
        $this->middleware('role:admin')->only('index');

        // Or for multiple roles
        $this->middleware('role:admin|editor')->only('index');

        // Using permission middleware
        $this->middleware('permission:edit-posts')->only('store');

        // Or for multiple permissions
        $this->middleware('permission:edit-posts|store-posts')->only('store');

        // Using role or permission middleware
        $this->middleware('role_or_permission:admin|edit-posts')->only('store');
    }
}
```

2. Laravel 11.x ([Source: Laravel 11.x Documentation](https://laravel.com/docs/11.x/controllers#controller-middleware))

```
use Illuminate\Routing\Controllers\Middleware;
use Illuminate\Routing\Controllers\HasMiddleware;

class YourController implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            // Authentication middleware
            'auth',

            // Role middleware with specific methods
            new Middleware('role:admin', ['index', 'show']),

            // Multiple roles with OR condition
            new Middleware('role:admin|editor', ['create', 'store']),

            // Permission middleware with specific methods
            new Middleware('permission:create', ['store']),

            // Multiple permissions with OR condition
            new Middleware('permission:create|update|delete', ['destroy']),

            // Role or permission middleware with multiple methods
            new Middleware('role_or_permission:admin|edit-posts', ['edit', 'update']),
        ];
    }
}
```

3. Laravel 12.x ([Source: Laravel 12.x Documentation](https://laravel.com/docs/12.x/controllers#controller-middleware))

```
use Illuminate\Routing\Controllers\Middleware;
use Illuminate\Routing\Controllers\HasMiddleware;

class YourController implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            // Authentication middleware
            'auth',

            // Role middleware with specific methods
            new Middleware('role:admin', ['index', 'show']),

            // Multiple roles with OR condition
            new Middleware('role:admin|editor', ['create', 'store']),

            // Permission middleware with specific methods
            new Middleware('permission:create', ['store']),

            // Multiple permissions with OR condition
            new Middleware('permission:create|update|delete', ['destroy']),

            // Role or permission middleware with multiple methods
            new Middleware('role_or_permission:admin|edit-posts', ['edit', 'update']),
        ];
    }
}
```

#### Multiple Roles/Permissions

[](#multiple-rolespermissions)

You can specify multiple roles or permissions by separating them with a comma:

```
// User must have at least one of the specified roles
Route::get('/admin', function () {
    // User must have EITHER 'admin' OR 'super-admin' role
})->middleware('role:admin|super-admin');

// User must have at least one of the specified permissions
Route::get('/posts', function () {
    // User must have EITHER 'view-posts' OR 'manage-posts' permission
})->middleware('permission:view-posts|manage-posts');
```

#### Middleware Groups

[](#middleware-groups)

You can also use these middleware in route groups:

```
// All routes in this group require the 'admin' role
Route::middleware(['role:admin'])->group(function () {
    Route::get('/admin/dashboard', 'AdminController@dashboard');
    Route::get('/admin/users', 'AdminController@users');
});

// All routes in this group require the 'edit-posts' permission
Route::middleware(['permission:edit-posts'])->group(function () {
    Route::get('/posts/create', 'PostController@create');
    Route::post('/posts', 'PostController@store');
    Route::get('/posts/{post}/edit', 'PostController@edit');
    Route::put('/posts/{post}', 'PostController@update');
});
```

### Available Methods

[](#available-methods)

#### User Model Methods

[](#user-model-methods)

```
// Get the user's role
$role = $user->role;

// Check if user has a specific role
$user->hasRole('admin');

// Check if user has any of the specified roles
$user->hasAnyRole(['admin', 'editor']);

// Check if user has a permission
$user->hasPermission('edit-posts');

// Check if user has any of the given permissions
$user->hasAnyPermission(['edit-posts', 'delete-posts']);

// Check if user has all of the given permissions
$user->hasAllPermissions(['edit-posts', 'delete-posts']);

// Assign a role to a user (replaces any existing role)
$user->giveRole('editor');

// Sync role (alias for giveRole)
$user->syncRoles('editor');

// Remove the user's role
$user->removeRole();
```

#### Role Model Methods

[](#role-model-methods)

```
// Create a new role with description
$role = Role::create([
    'name' => 'Editor',
    'slug' => 'editor',
    'description' => 'Can edit and manage content'
]);

// Update role description
$role->update(['description' => 'Updated role description']);

// Get role description
$description = $role->description;
```

#### Permission Model Methods

[](#permission-model-methods)

```
// Create a new permission with description
$editPosts = Permission::create([
    'name' => 'Edit Posts',
    'slug' => 'edit-posts',
    'description' => 'Allows editing of existing posts'
]);

// Update permission description
$permission->update(['description' => 'Updated permission description']);

// Get permission description
$description = $permission->description;
```

##### Example Usage:

[](#example-usage)

```
// Assign a role to a user
$user->giveRole('admin');

// Check user's role
if ($user->hasRole('admin')) {
    // User is an admin
}

// Get the role name
$roleName = $user->role ? $user->role->name : 'No role';

// Remove role
$user->removeRole();

// Check if user has any of these roles
if ($user->hasAnyRole(['admin', 'moderator'])) {
    // User is either admin or moderator
}
```

#### Role Model Methods

[](#role-model-methods-1)

```
// Get a role
$role = Role::where('slug', 'admin')->first();

// Check if role has a permission
$role->hasPermission('edit-posts');

// Give permission to a role
$role->givePermission('edit-posts');

// Assign multiple permissions
$role->givePermissions(['edit-posts', 'delete-posts']);

// Check if role has any permission
$role->hasAnyPermission(['edit-posts', 'delete-posts']);

// Sync all permissions for a role (removes all existing permissions and adds the given ones)
$role->syncPermissions(['edit-posts', 'delete-posts']);

// Remove a specific permission from a role
$role->removePermission('edit-posts');

// Remove multiple permissions from a role
$removedCount = $role->removePermissions(['edit-posts', 'delete-posts']);  // Returns number of permissions removed

// Remove all permissions from a role
$removedCount = $role->removeAllPermissions();  // Returns number of permissions removed
```

Permissions Methods
-------------------

[](#permissions-methods)

### Using getPermissions()

[](#using-getpermissions)

```
// Get all permissions for a role
$rolePermissions = $role->getPermissions();

// Get all permissions for a user's role
$userPermissions = $user->getPermissions();

// Example: Loop through permissions
foreach ($user->getPermissions() as $permission) {
    echo $permission->name; // e.g., 'edit-posts'
    echo $permission->description; // e.g., 'Can edit posts'
}

// Check if user has any permissions
if ($user->getPermissions()->isNotEmpty()) {
    // User has permissions
}

// Check if role has any permissions
if ($role->getPermissions()->isNotEmpty()) {
    // Role has permissions
}
```

Authorization Methods
---------------------

[](#authorization-methods)

### 1. Using FormRequest

[](#1-using-formrequest)

You can check permissions directly in your FormRequest classes:

```
use Illuminate\Foundation\Http\FormRequest;

class StoreProductRequest extends FormRequest
{
    public function authorize()
    {
        return $this->user() && $this->user()->hasPermission('create-product');
    }

    public function rules()
    {
        return [
            'name' => 'required|string|max:255',
            'price' => 'required|numeric|min:0',
        ];
    }
}
```

### 2. Using Policies

[](#2-using-policies)

1. First, create a policy:

```
php artisan make:policy ProductPolicy --model=Product
```

2. Implement the policy methods:

```
namespace App\Policies;

use App\Models\Product;
use App\Models\User;

class ProductPolicy
{
    public function viewAny(User $user)
    {
        return $user->hasPermission('view-products');
    }

    public function view(User $user, Product $product)
    {
        return $user->hasPermission('view-product');
    }

    public function create(User $user)
    {
        return $user->hasPermission('create-product');
    }

    // ... other methods
}
```

3. Register the policy in `AuthServiceProvider`:

```
protected $policies = [
    Product::class => ProductPolicy::class,
];
```

### 3. Using Custom Middleware

[](#3-using-custom-middleware)

If you need more complex authorization logic, you can create custom middleware. Here's an example of creating a custom permission middleware:

1. Create the middleware:

```
php artisan make:middleware CustomPermission
```

2. Implement the middleware:

```
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class CustomPermission
{
    public function handle(Request $request, Closure $next, ...$permissions): Response
    {
        if (!auth()->check()) {
            abort(403, 'Unauthenticated.');
        }

        foreach ($permissions as $permission) {
            if (auth()->user()->hasPermission($permission)) {
                return $next($request);
            }
        }

        abort(403, 'Unauthorized action.');
    }
}
```

3. Register the middleware:

#### For Laravel 10

[](#for-laravel-10)

Register in `app/Http/Kernel.php`:

```
// app/Http/Kernel.php

protected $routeMiddleware = [
    // ... other middleware
    'custom.permission' => \App\Http\Middleware\CustomPermission::class,
];
```

#### For Laravel 11 &amp; 12

[](#for-laravel-11--12)

Register in `bootstrap/app.php`:

```
// bootstrap/app.php

use App\Http\Middleware\CustomPermission;

// ... other code

->withMiddleware(function (Middleware $middleware) {
    // ... other middleware registrations
    $middleware->alias([
        'custom.permission' => CustomPermission::class,
    ]);
});
```

4. Use the custom middleware in your routes:

```
Route::middleware(['custom.permission:edit-posts'])->group(function () {
    Route::get('/posts/{post}/edit', 'PostController@edit');
    Route::put('/posts/{post}', 'PostController@update');
});
```

This approach gives you the flexibility to:

- Extend or create custom middleware for complex authorization logic
- Maintain clear separation between package features and custom code

### 4. Directly in Controller

[](#4-directly-in-controller)

You can also check permissions directly in your controller methods:

```
public function store(Request $request)
{
    // Check permission
    if (!auth()->user()->hasPermission('create-product')) {
        abort(403, 'Unauthorized action.');
    }

    // Validation
    $validated = $request->validate([
        'name' => 'required|string|max:255',
        'price' => 'required|numeric|min:0',
    ]);

    // Create the product
    $product = Product::create($validated);

    return response()->json($product, 201);
}
```

Blade Directives
----------------

[](#blade-directives)

```
@role('admin')
    // This content will be shown only to users with the 'admin' role
@endrole

@hasanyrole(['admin', 'editor'])
    // This content will be shown to users with either 'admin' or 'editor' role
@endhasanyrole

@haspermission('edit-posts')
    // This content will be shown only to users with the 'edit-posts' permission
@endhaspermission

@hasanypermission(['edit-posts', 'delete-posts'])
    // This content will be shown to users with either 'edit-posts' or 'delete-posts' permission
@endhasanypermission

@hasallpermissions(['edit-posts', 'delete-posts'])
    // This content will be shown only to users with both 'edit-posts' and 'delete-posts' permissions
@endhasallpermissions
```

Testing
-------

[](#testing)

```
composer test
```

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------

[](#contributing)

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

Security Vulnerabilities
------------------------

[](#security-vulnerabilities)

If you discover any security related issues, please email  instead of using the issue tracker.

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance65

Regular maintenance activity

Popularity10

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity45

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

212d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/1d770636a8684f5b3bb07c0871140986c12f0f9a225d97d3b5fca53a5d7bdca0?d=identicon)[AbdulBasetRS](/maintainers/AbdulBasetRS)

---

Top Contributors

[![AbdulbasetRS](https://avatars.githubusercontent.com/u/74756037?v=4)](https://github.com/AbdulbasetRS "AbdulbasetRS (3 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/abdulbaset-laravel-accessify/health.svg)

```
[![Health](https://phpackages.com/badges/abdulbaset-laravel-accessify/health.svg)](https://phpackages.com/packages/abdulbaset-laravel-accessify)
```

###  Alternatives

[statamic-rad-pack/runway

Eloquently manage your database models in Statamic.

135224.7k7](/packages/statamic-rad-pack-runway)[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

59437.0k9](/packages/jeremy379-laravel-openid-connect)[api-platform/laravel

API Platform support for Laravel

58171.6k14](/packages/api-platform-laravel)[duncanmcclean/statamic-cargo

Comprehensive e-commerce addon for Statamic. Build bespoke e-commerce sites without the complexity.

3416.9k](/packages/duncanmcclean-statamic-cargo)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
