PHPackages bozboz/permissions - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. bozboz/permissions AbandonedLibrary[Authentication & Authorization](/categories/authentication) bozboz/permissions ================== v1.2.0(9y ago)03.3k1PHPPHP >=5.4.0 Since Oct 30Pushed 4y ago3 watchersCompare [ Source](https://github.com/bozboz/permissions)[ Packagist](https://packagist.org/packages/bozboz/permissions)[ RSS](/packages/bozboz-permissions/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (9)Used By (1) Permissions =========== [](#permissions) This package implements a basic permission system, based off the Laravel version implemented in 5.1.11. Setup ----- [](#setup) - Add the `Bozboz\Permissions\PermissionServiceProvider` class to your app/config.php file. - Optionally add the `Bozboz\Permissions\Facades\Gate` facade to your aliases array in app/config.php. - Publish and run the migrations using `php artisan migrate:publish bozboz/permissions && php artisan migrate` Usage ----- [](#usage) First, define some rules in app/permissions.php. These are typically actions that users can do in your app. ``` $permissions->define('manage_page', 'Bozboz\Permissions\Rules\Rule'); $permissions->define('delete_pages', 'Bozboz\Permissions\Rules\GlobalRule'); ``` There are 2 rule classes by default: Rule and GlobalRule. The former is for when you have a rule that relies on a context value, typically a model ID. A global rule is one that doesn't require any additional data to make sense. Whenever you want to check a user has permission to do an action, you ask the Gate: ``` if (Gate::allows('delete_pages')) { $instance->delete(); } ``` Alternatively, if you haven't registered the facade, you can inject the Checker object through the constructor or retrieve via the IoC container: ``` if (app('permission.checker')->allows('delete_pages')) { $instance->delete(); } ``` Note, by default, the currently authenticated user will be used to check permissions on. To authorize a specific user, pass it in: ``` if (Gate::forUser($user)->allows('delete_pages')) { $instance->delete(); } ``` You can also flip the check, and determine if the current user is *disallowed* from doing a task: ``` if (Gate::forUser($user)->disallows('delete_pages')) { App::abort(403); } $instance->delete(); ``` The authenticated user instance must implement `Bozboz\Permissions\UserInterface`. User implementations that implement this interface must define a `getPermissions` method. Implementations can retrieve permissions however they wish. ### The rule stack [](#the-rule-stack) The rule stack allows permissions of varying degrees of access to be stacked together, allowing the authenticated user to match any of the defined permissions. This is useful for defining "global" permissions, and stack on more specific rules, e.g. ``` if (RuleStack::with('view_pages')->then('view_anything')->isAllowed()) { // User is able to view pages and/or view anything } ``` The stack will check the left-most rule first, then further rules defined using the `then` method; stopping execution when an allowed rule is found. If no rule is allowed, the method will return false. Alternatively, a RuleStack instance can be instantiated and rules added to it using the `add` method: ``` $stack = new RuleStack; $stack->add('edit_anything'); $stack->add('edit_page', 5); return $stack->isAllowed(); ``` Here, the stack will check the last added rule first, and work its way up. ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity19 Limited adoption so far Community10 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~63 days Recently: every ~75 days Total 8 Last Release 3407d ago Major Versions v0.3.0 → v1.0.02016-03-22 ### Community Maintainers ![](https://www.gravatar.com/avatar/3c709396f3a6a7048c1c89615c6fce3f8301bd5715c641bf07b48268187727a3?d=identicon)[bozboz](/maintainers/bozboz) --- Top Contributors [![samdking](https://avatars.githubusercontent.com/u/1331514?v=4)](https://github.com/samdking "samdking (36 commits)") ### Embed Badge ![Health badge](/badges/bozboz-permissions/health.svg) ``` [![Health](https://phpackages.com/badges/bozboz-permissions/health.svg)](https://phpackages.com/packages/bozboz-permissions) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[spatie/laravel-login-link Quickly login to your local environment 4381.2M1](/packages/spatie-laravel-login-link)[spatie/laravel-passkeys Use passkeys in your Laravel app 444494.4k16](/packages/spatie-laravel-passkeys)[andrewdwallo/filament-companies A comprehensive Laravel authentication and authorization system designed for Filament, focusing on multi-tenant company management. 34450.0k2](/packages/andrewdwallo-filament-companies) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)