PHPackages cosmos/rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. cosmos/rbac ActiveLibrary[Authentication & Authorization](/categories/authentication) cosmos/rbac =========== A trait for using Role-based access control in the User that a Laravel eloquent model. v1.0.1(6y ago)07MITPHPPHP ^7.2CI failing Since Jan 12Pushed 6y ago1 watchersCompare [ Source](https://github.com/archco/rbac)[ Packagist](https://packagist.org/packages/cosmos/rbac)[ RSS](/packages/cosmos-rbac/feed)WikiDiscussions master Synced 3d ago READMEChangelog (2)Dependencies (7)Versions (3)Used By (0) Role Based Access Control ========================= [](#role-based-access-control) A trait for using Role-based access control in the User that a Laravel eloquent model. WHAT IS RBAC ------------ [](#what-is-rbac) Role-based access control (RBAC) is an approach to restricting system access to authorized users. See below for details. - [What is RBAC](https://www.imperva.com/learn/data-security/role-based-access-control-rbac/) - [Wikipedia](https://en.wikipedia.org/wiki/Role-based_access_control) Table of contents ----------------- [](#table-of-contents) - [Database Structure](#database-structure) - [Installation](#installation) - [Models](#models) - [User](#user) - [Role](#role) - [Permission](#permission) - [Usage](#usage) - [Assigning Roles and Permissions](#assigning-roles-and-permissions) - [Using Middleware](#using-middleware) - [Using Blade Directives](#using-blade-directives) - [License](#license) Database Structure ------------------ [](#database-structure) ``` users: - id INTEGER - email STRING - etc... roles: - id INTEGER - name STRING - created_at DATE - updated_at DATE permissions: - id INTEGER - name STRING - created_at DATE - updated_at DATE role_user: - role_id INTEGER - user_id INTEGER - PRIMARY KEY role_id, user_id - FOREIGN KEY role_id REFERENCES roles.id ON DELETE CASCADE - FOREIGN KEY user_id REFERENCES users.id ON DELETE CASCADE permission_role: - permission_id INTEGER - user_id INTEGER - PRIMARY KEY permission_id, role_id - FOREIGN KEY permission_id REFERENCES permissions.id ON DELETE CASCADE - FOREIGN KEY role_id REFERENCES roles.id ON DELETE CASCADE ``` Installation ------------ [](#installation) Install package via composer ``` composer require cosmos/rbac ``` The service provider will automatically get registered. Or you may manually add the service provider in your `config/app.php` file: ``` 'providers' => [ // ... Cosmos\Rbac\RbacServiceProvider::class, ]; ``` You can add middleware inside your `app/Http/Kernel.php` file: ``` protected $routeMiddleware = [ // ... 'role' => \Cosmos\Rbac\Middleware\Role::class, 'permission' => \Cosmos\Rbac\Middleware\Permission::class, ]; ``` You should publish the `config/rbac.php` config file: ``` php artisan vendor:publish --provider="Cosmos\Rbac\RbacServiceProvider" ``` Models ------ [](#models) ### User [](#user) Add the `Cosmos\Rbac\RoleBasedAccessControl` trait to your `App\User` model: ``` namespace App; use Illuminate\Foundation\Auth\User as Authenticatable; use Cosmos\Rbac\RoleBasedAccessControl; class User extends Authenticatable { use RoleBasedAccessControl; // } ``` ### Role [](#role) Extends the `Cosmos\Rbac\Role` to your `App\Role` model: ``` namespace App; use Cosmos\Rbac\Role as RoleModel; class Role extends RoleModel { // } ``` ### Permission [](#permission) Extends the `Cosmos\Rbac\Permission` to your `App\Permission` model: ``` namespace App; use Cosmos\Rbac\Permission as PermissionModel; class Permission extends PermissionModel { // } ``` Usage ----- [](#usage) ### Assigning Roles and Permissions [](#assigning-roles-and-permissions) You can assign `editor` role to the specific user. ``` $blogEdit = Permission::create(['name' => 'blog.edit']); $newsEdit = Permission::create(['name' => 'news.edit']); // Assign `blog.edit` and `news.edit` permission to `editor` role. $editor = Role::create(['name' => 'editor']); $editor->permissions()->attach($blogEdit); $editor->permissions()->attach($newsEdit); // Assign `editor` role to the user. $user = User::find(1); $user->roles()->attach($editor); // checking whether the user has roles. $user->hasRole('editor'); // true // checking whether the user has permissions. $user->hasPermission('blog.edit'); // true $user->hasPermission('blog.delete'); // false // checking multiple roles or permissions. $user->hasRole(['editor', 'news-editor']); // true. $user->hasPermission(['blog.edit', 'blog.delete'], true); // returns false. second parameter is `requireAll`, default is false. ``` And also you can deny roles from the user. ``` $editor->permissions()->detach($newsEdit); $user->hasPermission('news.edit'); // false $user->roles()->detach($editor); $user->hasRole('editor'); // false ``` ### Using Middleware [](#using-middleware) Using middleware rules in routes ``` Route::group(['middleware' => ['role:admin']], function () { // }); // You can separate multiple roles or permission with a '|' (pipe) character. Route::group(['middleware' => ['permission:edit articles|publish articles']], function () { // }); Route::get('admin/profile', function () { // })->middleware('role:admin', 'permission:admin.access'); ``` Using middleware rules in Controllers ``` public function __construct() { $this->middleware('role:super-user'); // or $this->middleware(['role:admin', 'permission:admin.access']); } ``` ### Using Blade Directives [](#using-blade-directives) Check for a specific role: ``` @role('editor') // @else // @endrole ``` or permissions ``` @permission('blog.read,blog.edit') // @endpermission ``` License ------- [](#license) The MIT License ### Health Score 23 — LowBetter than 27% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity4 Limited adoption so far Community7 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 2314d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/2f8aefb31e2f8cbf7c07fe35723c46cd7cc34d8c72ea67fab376787529cb229d?d=identicon)[Cosmos](/maintainers/Cosmos) --- Top Contributors [![archco](https://avatars.githubusercontent.com/u/16632570?v=4)](https://github.com/archco "archco (11 commits)") --- Tags laravelpermissionsrbacrole-based-access-controlroles ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/cosmos-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/cosmos-rbac/health.svg)](https://phpackages.com/packages/cosmos-rbac) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[laravel/passport Laravel Passport provides OAuth2 server support to Laravel. 3.4k85.0M532](/packages/laravel-passport)[silber/bouncer Eloquent roles and abilities. 3.6k4.4M25](/packages/silber-bouncer)[roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[aedart/athenaeum Athenaeum is a mono repository; a collection of various PHP packages 245.2k](/packages/aedart-athenaeum) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)