PHPackages barryvdh/laravel-security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. barryvdh/laravel-security AbandonedLibrary[Authentication & Authorization](/categories/authentication) barryvdh/laravel-security ========================= This packages integrates Symfony Security Core in Laravel, mainly to use the Voters to check acces to roles/objects. v0.1.0(11y ago)526.6k20[2 issues](https://github.com/barryvdh/laravel-security/issues)PHPPHP >=5.3.0 Since Jun 13Pushed 6y ago6 watchersCompare [ Source](https://github.com/barryvdh/laravel-security)[ Packagist](https://packagist.org/packages/barryvdh/laravel-security)[ RSS](/packages/barryvdh-laravel-security/feed)WikiDiscussions master Synced yesterday READMEChangelogDependencies (2)Versions (2)Used By (0) Laravel Security Component -------------------------- [](#laravel-security-component) ### Version 0.2.x@dev is for Laravel 5. Use 0.1.x for Laravel 4! [](#version-02xdev-is-for-laravel-5-use-01x-for-laravel-4) This packages integrates Symfony Security Core in Laravel, mainly to use the Voters to check acces to roles/objects. See [Symfony Authorization](http://symfony.com/doc/current/components/security/authorization.html) ### Install [](#install) Add this package to your composer.json and run `composer update` ``` "barryvdh/laravel-security": "0.2.x@dev" ``` After updating, add the ServiceProvider to ServiceProvider array in config/app.php ``` 'Barryvdh\Security\SecurityServiceProvider' ``` You can optionally add the Facade as well, to provide faster access to the Security component. ``` 'Security' => 'Barryvdh\Security\Facade', ``` ### Configure [](#configure) You can publish the config to change the strategy and add your own Role Hierarchy, to configure which roles inherit from each other. ``` $ php artisan vendor:publish config //config/security.php 'role_hierarchy' => array( 'ROLE_ADMIN' => array('ROLE_USER'), 'ROLE_SUPER_ADMIN' => array('ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH') ) ``` ### Voters [](#voters) By default, only 2 Voters are included: - AuthVoter, check if a user is autenticated (`IS_AUTHENTICATED` or `AUTH`) - RoleHierarchyVoter: Check a user for a role, using the hierarchy in the config. (`ROLE_ADMIN`, `ROLE_EDITOR` etc) To use roles, add a function getRoles() to your User model, which returns an array of Role strings (Note: roles must begin with ROLE\_) ``` public function roles(){ return $this->belongsToMany('Role'); } public function getRoles(){ return $this->roles()->lists('name'); } ``` You can add voters by adding them to the config. ``` 'voters' => [ ... 'App\Security\MyVoter.php', ], ``` You can also add voters by extending $app\['security.voters'\] or using the facade: ``` Security::addVoter(new MyVoter()); ``` Voters have to implement [VoterInterface](https://github.com/symfony/Security/blob/master/Core/Authorization/Voter/VoterInterface.php). You can define which attributes (ie. ROLE\_ADMIN, IS\_AUTHENTICATED, EDIT etc) and which objects the voter can handle. The voter will be called to vote on an attribute (and possibly an object) and allow, deny or abstain access. Based on the strategy, the final decision is made based on the votes. (By default, 1 allow is enough) You can access the User object with $token->getUser(); For an example, see the [Symfony Cookbook about Voters](http://symfony.com/doc/current/cookbook/security/voters.html) ### Checking access [](#checking-access) You can check access using to IoC Container, the facade and a helper function: ``` App::make('security.authorization_checker')->isGranted('ROLE_ADMIN'); Security::isGranted('edit', $post); is_granted('AUTH'); ``` The first argument is the attribute you want to check, the second is an optional object, on which you want to check the access. For example, you can write a Voter to check if the current user can edit a comment, based on his ownership on that object or his role. ### Filters [](#filters) You can use this in Laravel's Route Filters, both in the routes and in controllers. ``` Route::get('admin', array('before' => 'is_granted:ROLE_ADMIN', function(){..})); Route::filter('is_granted', function($route, $request, $attribute, $parameter=null){ if (!is_granted($attribute, $route->getParameter($parameter))) return Redirect::route('login'); }); ``` If you set up Model Binding, you have easy access to the objects. ``` Route::model('company', 'Company'); Route::get('companies/{company}', array('uses'=> 'CompanyController@getView', 'before' => 'is_granted:view,company')); ``` ### Health Score 32 ↑ LowBetter than 72% of packages Maintenance19 Infrequent updates — may be unmaintained Popularity33 Limited adoption so far Community19 Small or concentrated contributor base Maturity48 Maturing project, gaining track record Bus Factor1 Top contributor holds 84.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 4352d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/dad47b02be23edb7094a151b4b1ce7e9cb56b75cd87cd3341d140e1e1e9cd0e4?d=identicon)[barryvdh](/maintainers/barryvdh) --- Top Contributors [![barryvdh](https://avatars.githubusercontent.com/u/973269?v=4)](https://github.com/barryvdh "barryvdh (32 commits)")[![jszobody](https://avatars.githubusercontent.com/u/203749?v=4)](https://github.com/jszobody "jszobody (4 commits)")[![bornemisza](https://avatars.githubusercontent.com/u/22169041?v=4)](https://github.com/bornemisza "bornemisza (1 commits)")[![nipeharefa](https://avatars.githubusercontent.com/u/12620257?v=4)](https://github.com/nipeharefa "nipeharefa (1 commits)") ### Embed Badge ![Health badge](/badges/barryvdh-laravel-security/health.svg) ``` [![Health](https://phpackages.com/badges/barryvdh-laravel-security/health.svg)](https://phpackages.com/packages/barryvdh-laravel-security) ``` ### Alternatives [symfony/security-bundle Provides a tight integration of the Security component into the Symfony full-stack framework 2.5k172.9M1.8k](/packages/symfony-security-bundle)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[olssonm/l5-very-basic-auth Laravel stateless HTTP basic auth without the need for a database 1662.5M1](/packages/olssonm-l5-very-basic-auth)[web-auth/webauthn-framework FIDO2/Webauthn library for PHP and Symfony Bundle. 50570.7k1](/packages/web-auth-webauthn-framework)[scaler-tech/laravel-saml2 SAML2 Service Provider integration for Laravel applications, based on OneLogin toolkit 2737.5k](/packages/scaler-tech-laravel-saml2) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)