PHPackages curly-deni/laravel-permission-controller - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Database & ORM](/categories/database) 4. / 5. curly-deni/laravel-permission-controller ActiveLibrary[Database & ORM](/categories/database) curly-deni/laravel-permission-controller ======================================== A Laravel package that observes model events and automatically enforces create, update, and delete permissions based on policies. v1.2.1(1y ago)0141MITPHPPHP ^8.0CI passing Since Apr 27Pushed 1y ago1 watchersCompare [ Source](https://github.com/curly-deni/laravel-permission-controller)[ Packagist](https://packagist.org/packages/curly-deni/laravel-permission-controller)[ Docs](https://github.com/curly-deni/laravel-permission-controller)[ GitHub Sponsors](https://github.com/curly-deni)[ RSS](/packages/curly-deni-laravel-permission-controller/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (5)Dependencies (5)Versions (6)Used By (1) Laravel Permission Controller ============================= [](#laravel-permission-controller) [![Latest Version on Packagist](https://camo.githubusercontent.com/63de71d4d6bede4eb496104680f397584dec2287b59e0e8a6cc6675467664535/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6375726c792d64656e692f6c61726176656c2d7065726d697373696f6e2d636f6e74726f6c6c65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/curly-deni/laravel-permission-controller)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/b6a0a0ce25387c3ea0f779b6d883172c4b1d9d3a9a3c383de5b435eb534ef366/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6375726c792d64656e692f6c61726176656c2d7065726d697373696f6e2d636f6e74726f6c6c65722f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/curly-deni/laravel-permission-controller/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/679bdcc57d105425d4793d2c8a10c0ed81a0551b3e196b13f302657d6b45cb36/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6375726c792d64656e692f6c61726176656c2d7065726d697373696f6e2d636f6e74726f6c6c65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/curly-deni/laravel-permission-controller) **Permission Controller** is a lightweight Laravel package that automatically enforces `create`, `update`, `delete`, and optionally `read` permissions at the model level based on your policy methods. It streamlines permission handling and improves application security with minimal setup. --- Features -------- [](#features) - πŸ›‘οΈ Automatic permission checks for `create`, `update`, `delete`, and optional `read` actions. - ⚑ Seamless integration with Laravel’s native authorization system (policies). - βš™οΈ Highly configurable β€” control enabled actions and exception behavior per action. - 🧩 Simple trait-based integration for Eloquent models. - πŸ“š Clean, modular, and extendable architecture. --- Installation ------------ [](#installation) Install the package via Composer: ``` composer require curly-deni/laravel-permission-controller ``` Publish the configuration file: ``` php artisan vendor:publish --tag="permission-controller-config" ``` --- Configuration ------------- [](#configuration) The published configuration file `config/permission-controller.php` looks like this: ``` return [ 'read_scope' => \Aesis\PermissionController\Scopes\ReadScope::class, 'observer' => \Aesis\PermissionController\Observers\ActionObserver::class, 'create' => [ 'enable' => true, 'exception' => \Aesis\PermissionController\Exceptions\CreateModelForbidden::class, 'throw_exception' => false, ], 'update' => [ 'enable' => true, 'exception' => \Aesis\PermissionController\Exceptions\UpdateModelForbidden::class, 'throw_exception' => false, ], 'delete' => [ 'enable' => true, 'exception' => \Aesis\PermissionController\Exceptions\DeleteModelForbidden::class, 'throw_exception' => false, ], 'read' => [ 'enable' => false, 'exception' => \Aesis\PermissionController\Exceptions\ReadModelForbidden::class, 'throw_exception' => false, ], ]; ``` **Configuration options:** - `read_scope`: The scope class applied to model queries to restrict access based on `read` permissions. - `observer`: The observer class that enforces permission checks on model events (`creating`, `updating`, `deleting`). **Per-action settings (`create`, `update`, `delete`, `read`):** - `enable`: Enable or disable permission enforcement for the specific action. - `exception`: Exception class to throw when permission is denied (if `throw_exception` is `true`). - `throw_exception`: If `true`, the package will throw an exception; otherwise, the action will simply not proceed. If exceptions are enabled, these exception classes are used: ActionException ClassCreate`Aesis\PermissionController\Exceptions\CreateModelForbidden`Update`Aesis\PermissionController\Exceptions\UpdateModelForbidden`Delete`Aesis\PermissionController\Exceptions\DeleteModelForbidden`Read`Aesis\PermissionController\Exceptions\ReadModelForbidden`> **Tip:** You can override the exception classes to provide custom messages, error codes, or even logging. --- Usage ----- [](#usage) ### 1. Add the Trait to Your Models [](#1-add-the-trait-to-your-models) Include the `HasPermissionController` trait in any Eloquent model you want to protect: ``` use Aesis\PermissionController\Traits\HasPermissionController; class Post extends Model { use HasPermissionController; } ``` ### 2. Define Policy Methods [](#2-define-policy-methods) You must implement policy methods **only for the actions that are enabled** in the configuration: - If `'create'` is enabled, implement a `create(User $user)` method. - If `'update'` is enabled, implement an `update(User $user, Model $model)` method. - If `'delete'` is enabled, implement a `delete(User $user, Model $model)` method. - If `'read'` is enabled, implement a `read(User $user)` method (**without** passing the model instance). Example for a `PostPolicy`: ``` class PostPolicy { public function create(User $user) { return $user->hasPermission('create-posts'); } public function update(User $user, Post $post) { return $user->id === $post->user_id; } public function delete(User $user, Post $post) { return $user->id === $post->user_id; } public function read(User $user) { return $user->hasPermission('read-posts'); } } ``` > **Important:** > The `read` method only accepts the `User` object β€” **no model instance** is passed. --- Credits ------- [](#credits) - [Danila Mikhalev](https://github.com/curly-deni) - [All Contributors](../../contributors) --- License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 29 β€” LowBetter than 60% of packages Maintenance49 Moderate activity, may be stable Popularity6 Limited adoption so far Community9 Small or concentrated contributor base Maturity46 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits β€” single point of failure How is this calculated?**Maintenance (25%)** β€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** β€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** β€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** β€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1 days Total 5 Last Release 374d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f0de0a785e1bbcc02008355c771ba12b545c755b9935a40eb92233f0e5e9eea5?d=identicon)[curly-deni](/maintainers/curly-deni) --- Top Contributors [![curly-deni](https://avatars.githubusercontent.com/u/64059451?v=4)](https://github.com/curly-deni "curly-deni (15 commits)") --- Tags laravelsecurityeloquentauthorizationobserverpermissionsPolicymodel observer ### Code Quality Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/curly-deni-laravel-permission-controller/health.svg) ``` [![Health](https://phpackages.com/badges/curly-deni-laravel-permission-controller/health.svg)](https://phpackages.com/packages/curly-deni-laravel-permission-controller) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[silber/bouncer Eloquent roles and abilities. 3.6k4.4M25](/packages/silber-bouncer)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[dyrynda/laravel-model-uuid This package allows you to easily work with UUIDs in your Laravel models. 4802.8M8](/packages/dyrynda-laravel-model-uuid)[watson/validating Eloquent model validating trait. 9723.3M47](/packages/watson-validating)[kodeine/laravel-acl Light-weight role-based permissions for Laravel 5 built in Auth system. 782354.8k5](/packages/kodeine-laravel-acl) PHPackages Β© 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)