PHPackages                             berthott/laravel-api-permissions - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. berthott/laravel-api-permissions

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

berthott/laravel-api-permissions
================================

Laravel Helper for API Endpoint Permissions

3.0.4(2y ago)11.0kMITPHP

Since Sep 20Pushed 1y ago3 watchersCompare

[ Source](https://github.com/berthott/laravel-api-permissions)[ Packagist](https://packagist.org/packages/berthott/laravel-api-permissions)[ RSS](/packages/berthott-laravel-api-permissions/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (6)Versions (26)Used By (0)

[![test workflow](https://github.com/berthott/laravel-api-permissions/actions/workflows/test.yml/badge.svg)](https://github.com/berthott/laravel-api-permissions/actions/workflows/test.yml/badge.svg)

Laravel-API-Permissions
=======================

[](#laravel-api-permissions)

A helper for API Permissions in Laravel. Protect all your routes with a single middleware.

Installation
------------

[](#installation)

```
$ composer require berthott/laravel-api-permissions
```

Usage
-----

[](#usage)

- **Caution:** This package assumes, that you name all your routes in the way laravel does: `models.action`.
- Add the `permissions` middleware to the routes you want to protect.
- Seed the permissions table by writing your own Seeder:
    - `php artisan make:seeder PermissionTableSeeder`
    - utilize `berthott\Permissions\Helpers\PermissionsHelper` to actually seed the permissions
        - `PermissionsHelper::resetTables()` will truncate all permission related tables.
        - `PermissionsHelper::buildRoutePermissions()` will build the permissions table. You might pass an array for mapping routes to permissions. E.g. ```
            [
              '*.destroy' => [
                 '*.destroy',
                 '*.destroy_many'
              ],
            ]
            ```
        - `PermissionsHelper::buildUiPermissions()` will add UI permissions, that will only be handle by the frontend.
- If the `migrate` option is `true` the package will migrate five tables for you: `roles`, `role_user`, `permissions`, `permissionables` and `permission_routes`.
- If the `migrate` option is `false` and you want to write your own migration you can have look at the default migrations by running

```
$ php artisan vendor:publish --provider="berthott\Permissions\ApiPermissionsServiceProvider" --tag="migrations"
```

- You can add `permissions` to your `User` model by adding the `HasPermissions` trait.
- You can add `roles` to you `User` model by adding the `HasRoles` trait.
- You can use either or both of the above options.
- You may ignore specific routes actions from the permission system by adding them to the `ignoreActions` config, or by added the `IgnorePermissionRoutes`trait.

Options
-------

[](#options)

To change the default options use

```
$ php artisan vendor:publish --provider="berthott\Permissions\ApiPermissionsServiceProvider" --tag="config"
```

- Inherited from [laravel-targetable](https://docs.syspons-dev.com/laravel-targetable)
    - `namespace`: String or array with one ore multiple namespaces that should be monitored for the configured trait. Defaults to `App\Models`.
    - `namespace_mode`: Defines the search mode for the namespaces. `ClassFinder::STANDARD_MODE` will only find the exact matching namespace, `ClassFinder::RECURSIVE_MODE` will find all subnamespaces. Defaults to `ClassFinder::RECURSIVE_MODE`.
    - `prefix`: Defines the route prefix. Defaults to `api`.
- General Package Configuration
    - `middleware`: An array of all middlewares to be applied to all of the generated routes. Defaults to `[]`.
    - `ignoreActions`: Defines an array of actions that should be ignored by default. Defaults to `[]`.
    - `migrate`: Defines wether or not to migrate standard tables.. Defaults to `true`.

Compatibility
-------------

[](#compatibility)

Tested with Laravel 10.x.

License
-------

[](#license)

See [License File](license.md). Copyright © 2023 Jan Bladt.

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance31

Infrequent updates — may be unmaintained

Popularity17

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity60

Established project with proven stability

 Bus Factor1

Top contributor holds 98% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~31 days

Recently: every ~60 days

Total

25

Last Release

935d ago

Major Versions

1.0.15 → 2.0.02022-03-23

2.0.3 → 3.0.02023-02-16

### Community

Maintainers

![](https://www.gravatar.com/avatar/af6377eb5c44e90728f87b66923f10a0c7c81c2f05538763a4d1c5dac8a79ceb?d=identicon)[berthott](/maintainers/berthott)

---

Top Contributors

[![berthott](https://avatars.githubusercontent.com/u/3034025?v=4)](https://github.com/berthott "berthott (48 commits)")[![ajabusch](https://avatars.githubusercontent.com/u/11186042?v=4)](https://github.com/ajabusch "ajabusch (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/berthott-laravel-api-permissions/health.svg)

```
[![Health](https://phpackages.com/badges/berthott-laravel-api-permissions/health.svg)](https://phpackages.com/packages/berthott-laravel-api-permissions)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)