PHPackages cgross/laraguard - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. cgross/laraguard ActiveLibrary cgross/laraguard ================ Permissions/roles for Laravel 5 1.1.0(10y ago)388.6k↑33.3%5MITPHPCI failing Since Dec 25Pushed 10y ago6 watchersCompare [ Source](https://github.com/cgrossde/Laraguard)[ Packagist](https://packagist.org/packages/cgross/laraguard)[ RSS](/packages/cgross-laraguard/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)Dependencies (2)Versions (5)Used By (0) Laraguard WIP ============= [](#laraguard-wip) Adds a permission system to Laravel 5 using the new integrated authentication mechanism. Instead of protecting routes, it protects the controller and its methods. This way you do not expose protected functionality if you forgot to protect a certain route. Controllers are protected with a simple syntax: `ControllerName@MethodName`. If you have a `ClientController.php` and want to add a permission called *client.edit* you would do something like this: ``` client.edit: - Client@edit - Client@update ``` Laraguard also supports `*` if you want to allow all methods or all controllers: ``` client.admin: - Client@* site.admin: - "*@*" ``` Installation ------------ [](#installation) **Composer:** Integrate this into your laravel projects `composer.json` and execute `composer update`: ``` "require": { "cgross/laraguard": "~1.0", }, ``` **Add middleware:** Add this line to the `$routeMiddleware` array in `app/Http/Kernel.php`: ``` 'laraguard' => 'CGross\Laraguard\Middleware\Permission', ``` **Protect controllers:** For every controller that you want to protect from unauthorized access call the laraguard middleware in the constructor like this: ``` /** * Create a new controller instance. * * @return void */ public function __construct() { $this->middleware('laraguard'); } ``` **Extend the User model:** Extend the `User` model with a method `getPermissions` which returns an array with the users permissions. You might also want to extend the user schema to save permissions in the database. If *Laraguard* is not flexible enough for your needs you can create a new database table for user roles which then references permissions assigned to those roles. Implement it like you want, just make sure the `getPermissions` method exists in the `User` model and that it returns an array with permission names. Take a look at or which both allow you to store roles and permissions for your users. Then adapt the `getPermissions` method in your user model to retrieve the permissions from caffeinated/shinobi or romanbican/roles. Permissions ----------- [](#permissions) Create an new file `resources/config/permissions.yml` with the following content, adapted to your needs: ``` defaultNoPermissionRoute: /denied debug: true deniedUrlLifetime: 1 controllerActionPermissions: admin: - "*@*" guest: - "Welcome@index" user: - "Client@index" - "Client@show" manager: - "Client@*" customPermissions: customPermission: - /Controller/ secCust: - /Blubb/ testing: appEnv: acceptance debug: true defaultPermissions: null temporaryPermissions: '' temporaryRequestCounter: 0 ``` Note: The default permission for users that are not logged in is `guest`. **What happens when the user or guest has no permission?** If the user has no permission for the desired controller method then there are three possibilities: 1. The controller has a method named `permissionDenied`. In this case the method is called. This gives you the ability to display custom permission denied views for different controllers or redirect to some other page 2. The value `defaultNoPermissionRoute` in `permissions.yml` is not `NONE`. In this case the request is redirected to this route 3. Neither a `permissionDenied` nor a `defaultNoPermissionRoute` is set: In this case the response will be a `501 Permission Denied` error page. Testing ------- [](#testing) When testing an app you might want to set some defaultPermissions for testing mode. **Those permissions will only work if you test with the same `APP_ENV` that is specified in `appEnv`.** You can do this with the following entries in `permissions.yml`: ``` testing: appEnv: acceptance defaultPermissions: guest,admin,someOtherPermName ``` If you want to set different Permission for different testcases then you need to add the `LaraguardServiceProvider` in `config/app.php`: ``` 'CGross\Laraguard\Providers\LaraguardServiceProvider', ``` After that you can get a Laraguard instance from the IoC Container: ``` $laraguard = \App::make('Laraguard'); // Set some permissions $laraguard->setTemporaryPermissions(['guest','admin','someOtherPermName']); // Your test case goes here ... // Clean up afterwards $laraguard->resetTemporaryPermissions() // Or only set temporary permission for X requests // In this case only the next two requests will have temporary permissions $laraguard->setTemporaryPermissions(['guest','admin'], 2); // Get temporary permissions (might be handy to merge with user permissions during tests) $laraguard->getTemporaryPermissions() ``` ### Behat [](#behat) If you are using `Behat` then try the Laraguard trait: ``` use CGross\Laraguard\Behat\Laraguard; class FeatureContext extends MinkContext implements Context, SnippetAcceptingContext { // Includes the trait use Laraguard; // Your tests go here // Access laraguard like this: // self::$laraguard->setTemporaryPermissions($permissionArray, $lifetime); // self::$laraguard->resetTemporaryPermissions(); } ``` This trait will automatically clear all temporary permissions after each scenario and if you need you can use `self::$laraguard` in your tests to set or reset permissions. In your behat features you will have the following new expressions available: ``` Scenario: X test permission Given I have the permission "admin" Scenario: XY test permission Given I have the permissions "admin,guest,someOtherPerm" Scenario: XYZ test permission Given I have the permissions "admin,guest,someOtherPerm" for 2 requests ``` Debugging --------- [](#debugging) You can now enabled debugging in your `permissions.yml`. This will print debug output to your laravel log (usually in `storage/log/laravel-YYYY-MM-DD.log`). ``` ... [Date] acceptance.INFO: [Laraguard] REQUEST - ControllerPath: App\Http\Controllers\ClientController@index [Date] acceptance.INFO: [Laraguard] ALLOW - Allowed permissions: admin,customPermission - User: admin [Date] acceptance.INFO: [Laraguard] REQUEST - ControllerPath: App\Http\Controllers\Admin\UserAdminController@getCreate [Date] acceptance.INFO: [Laraguard] TESTING permissions: admin, testing [Date] acceptance.INFO: [Laraguard] ALLOW - Allowed permissions: admin,customPermission - User: guest,admin,testing [Date] acceptance.INFO: [Laraguard] REQUEST - ControllerPath: App\Http\Controllers\Admin\UserAdminController@getCreate [Date] acceptance.INFO: [Laraguard] DENY - Allowed permissions: admin,customPermission - User: guest [Date] acceptance.INFO: [Laraguard] DENY - with defaultNoPermissionRoute: /denied ... ``` Redirect after login / get last denied page ------------------------------------------- [](#redirect-after-login--get-last-denied-page) Laraguard stores the path of the last denied page in a session var (`laraguard_lastDenied`). This session var will be cleared after X requests (default is two requests). You can change this under `deniedUrlLifetime` in your `permissions.yml`. Add a login form to your denied page. To redirect a user after login, modify the `redirectPath` method of your `AuthController`: ``` public function redirectPath() { // Redirect after denied request? if(\Session::has('laraguard_lastDenied')) { return \Session::get('laraguard_lastDenied'); } // Redirect to default path after login/register return property_exists($this, 'redirectTo') ? $this->redirectTo : '/home'; } ``` Changelog --------- [](#changelog) **1.1.0:** - Store last denied url to make a *redirect after login* feature possible - Give access to testing permissions `getTemporaryPermissions()` **1.0.0:** - Added testing capabilities - Support for Behat - Added debugging (see permission.yml in README) **0.1.0: Initial release** Breaking changes ---------------- [](#breaking-changes) Version `v1.0.0` changed `modelActionPermissions` to `controllerActionPermissions` in `permissions.yml`. ### Health Score 37 — LowBetter than 83% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity35 Limited adoption so far Community9 Small or concentrated contributor base Maturity66 Established project with proven stability How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~51 days Total 4 Last Release 4009d ago Major Versions v0.1.0 → v1.0.02015-01-29 ### Community Maintainers ![](https://www.gravatar.com/avatar/8cee5486d8f1dbf692defbb5caa4e2b39db6c6b94baaf7967551dfcb81a5a9d2?d=identicon)[cgrossde](/maintainers/cgrossde) --- Tags laravelpermissionrole ### Embed Badge ![Health badge](/badges/cgross-laraguard/health.svg) ``` [![Health](https://phpackages.com/badges/cgross-laraguard/health.svg)](https://phpackages.com/packages/cgross-laraguard) ``` ### Alternatives [darkaonline/l5-swagger OpenApi or Swagger integration to Laravel 2.9k34.0M112](/packages/darkaonline-l5-swagger)[knuckleswtf/scribe Generate API documentation for humans from your Laravel codebase.✍ 2.3k12.2M45](/packages/knuckleswtf-scribe)[sereny/nova-permissions Laravel Nova - Roles & Permissions 86388.6k1](/packages/sereny-nova-permissions)[itstructure/laravel-rbac Laravel package for RBAC manage 566.6k](/packages/itstructure-laravel-rbac)[dlnsk/h-rbac Based on native Laravel's gates and policies. Hierarchical RBAC with callbacks. 378.3k](/packages/dlnsk-h-rbac) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)