PHPackages enea/laravel-authorization - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. enea/laravel-authorization ActivePackage[Authentication & Authorization](/categories/authentication) enea/laravel-authorization ========================== Package to manage the permissions in a laravel application v3.0(1y ago)31561MITPHPPHP ^8.1CI failing Since Mar 25Pushed 1y ago1 watchersCompare [ Source](https://github.com/vaened/laravel-authorization)[ Packagist](https://packagist.org/packages/enea/laravel-authorization)[ RSS](/packages/enea-laravel-authorization/feed)WikiDiscussions master Synced 3d ago READMEChangelog (1)Dependencies (6)Versions (14)Used By (0) Laravel Authorization ===================== [](#laravel-authorization) [![Build Status](https://github.com/vaened/laravel-authorization/actions/workflows/tests.yml/badge.svg)](https://github.com/vaened/laravel-authorization/actions?query=workflow%3ATests) [![Scrutinizer Code Quality](https://camo.githubusercontent.com/278a484ee3a0b58c8db60e8cd7566779b8a348a8cfb4ef1397679487012e2f95/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7661656e65642f6c61726176656c2d617574686f72697a6174696f6e2f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/vaened/laravel-authorization/?branch=master) [![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md) Laravel Authorization is a package that provides a simple administration interface for roles and permissions. ``` // create authorizations $cashier = $this->roles->create('Cashier'); $create = $this->permissions->create('Create Documents'); $annul = $this->permissions->create('Annul Documents'); // grant authorizations $cashier->grantMultiple([$create, $annul]); $user->grant($cashier); // check $user->isMemberOf('cashier'); // true $user->can('create-documents'); // true $user->can('annul-documents'); // true // deny authorizations $user->deny('annul-documents'); // now $user->can('annul-documents'); // false ``` Table of Contents ----------------- [](#table-of-contents) - [Installation](#installation) - [Quick Start](#quick-start) - [checks](#checks) - [`GRANT`](#grant) - [`REVOKE`](#revoke) - [`DENY`](#deny) - [Middleware](#middleware) - [Blade Directives](#blade-directives) Installation ------------ [](#installation) Laravel Authorization requires PHP 8.1. This version supports Laravel 10 only. To get the latest version, simply require the project using Composer: ``` $ composer require enea/laravel-authorization ``` Once installed, if you are not using automatic package discovery, then you need to register the [Enea\\Authorization\\AuthorizationServiceProvider](https://github.com/eneav/laravel-authorization/blob/master/src/AuthorizationServiceProvider.php)service provider in your `config/app.php`. and finally, it only remains to run in the console: ``` $ php artisan authorization:install ``` Quick Start ----------- [](#quick-start) Starting with laravel-authorization is as simple as extending the `User` model that provides the package: ``` use Enea\Authorization\Models\User as Authorizable; class User extends Authorizable { // } ``` Or in case you need to customize your user model, you must implement the `Enea\Authorization\Contracts\Authorisable` interface and use the `Enea\Authorization\Traits\Authorisable` trait: ``` use Enea\Authorization\Contracts\Authorizable as AuthorizableContract; use Enea\Authorization\Traits\Authorizable; use Illuminate\Auth\Authenticatable; use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract; use Illuminate\Database\Eloquent\Model; class User extends Model implements AuthenticatableContract, AuthorizableContract { use Authenticatable, Authorizable; } ``` ### Checks [](#checks) There are some methods available for checking roles and permissions: MethodParameterReturncanpermission-namebooleancannotpermission-namebooleanisMemberOfrole-namebooleanisntMemberOfrole-nameboolean#### Example [](#example) ``` // verify if a user has a permission $user->can('permission-name'); // verify if a user does not have a permission $user->cannot('permission-name'); // verify if a user is a member of a role $user->isMemberOf('role-name'); // verify if a user is not a member of a role $user->isntMemberOf('role-name'); ``` On the other hand, a role can only have permissions: ``` // verify if a role has a permission $role->can('permission-name'); // verify if a role does not have a permission $role->cannot('permission-name'); ``` ### GRANT [](#grant) Simplify the way in which roles and permissions are granted, both can be granted through the `grant` method in your model, you can see an example [here](https://github.com/eneav/laravel-authorization-example/blob/master/database/seeds/AuthorizationsSeeder.php) ``` // grant an authorization to user $user->grant($authorization); // grant multiple authorizations to user $user->grantMultiple([$permission, $role]); // grant a permission to role $role->grant($permission); // grant multiple permissions to role $user->grantMultiple([$firstPermission, $secondPermission]); ``` ### REVOKE [](#revoke) To revoke a permission or role of a model, you must use the `revoke` or `revokeMultiple` method: ``` // revoke an authorization to a user $user->revoke($authorization); // revoke multiple authorizations of a user $user->revokeMultiple([$permission, $role]); // revoke a permission to a role $role->revoke($permission); // revoke multiple permissions of a role $user->revokeMultiple([$firstPermission, $secondPermission]); ``` ### DENY [](#deny) To prohibit certain accesses to a user can do it through the method `deny` and `denyMultiple`: ``` // deny a permission to a user $user->deny($permission); // deny multiple permissions to a user $user->denyMultiple($permissions); ``` Middleware ---------- [](#middleware) The middleware are activated automatically from the beginning, to change this you can do it from the [configuration](https://github.com/eneav/laravel-authorization/blob/master/config/authorization.php) file: ``` // automatic middleware configuration. 'middleware' => [ 'enabled' => true, 'permissions' => [ 'alias' => 'authenticated.can', 'class' => \Enea\Authorization\Middleware\PermissionAuthorizerMiddleware::class, ], 'roles' => [ 'alias' => 'authenticated.is', 'class' => \Enea\Authorization\Middleware\RoleAuthorizerMiddleware::class, ], ], ``` Or in case you want to do a manual configuration you can deactivate the automatic load and modify your [kernel](https://github.com/eneav/laravel-authorization-example/blob/master/app/Http/Kernel.php#L64-L65) file: ``` protected $routeMiddleware = [ ... // laravel-authorization 'authenticated.can' => \Enea\Authorization\Middleware\PermissionAuthorizerMiddleware::class, 'authenticated.is' => \Enea\Authorization\Middleware\RoleAuthorizerMiddleware::class, ]; ``` Then you can use it in your routes like any other [middleware](https://github.com/eneav/laravel-authorization-example/blob/master/routes/web.php#L33-L40): ``` $router->get('create', 'CreateController@create')->middleware('authenticated.can:create-articles'); $router->get('admin', 'DashboardController@index')->middleware('authenticated.is:admin'); ``` In case any user tries to access a protected route without authorization, an exception of type [`UnauthorizedOwnerException`](https://github.com/eneav/laravel-authorization/blob/master/src/Exceptions/UnauthorizedOwnerException.php) will be throw. ### Custom errors [](#custom-errors) To show a custom error, we can edit the [`Handler`](https://github.com/eneav/laravel-authorization-example/blob/master/app/Exceptions/Handler.php#L52-L54) file: ``` public function render($request, Exception $exception) { if ($exception instanceof UnauthorizedOwnerException) { return redirect()->route('custom-unauthorized-route'); } return parent::render($request, $exception); } ``` Blade Directives ---------------- [](#blade-directives) This package also adds Blade directives to verify if the currently connected user has a specific role or permission. Optionally you can pass in the `guard` that the check will be performed on as a second argument. ### For Roles [](#for-roles) ``` @authenticatedIs('articles-owner') // is articles owner @else // it's not articles owner @endauthenticatedIs ``` and to deny ``` @authenticatedIsnt('articles-owner') // it's not articles owner @else // is articles owner @endauthenticatedIsnt ``` ### For Permissions [](#for-permissions) ``` @authenticatedCan('edit-articles') // can edit articles @else // cannot edit articles @endauthenticatedCan ``` and to deny ``` @authenticatedCannot('edit-articles') // cannot edit articles @else // can edit articles @endauthenticatedCannot ``` Examples -------- [](#examples) [Simple CRUD](https://github.com/eneav/laravel-authorization-example) Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently. License ------- [](#license) Laravel Authorization is licensed under [The MIT License (MIT)](LICENSE.md). ### Health Score 38 — LowBetter than 85% of packages Maintenance34 Infrequent updates — may be unmaintained Popularity15 Limited adoption so far Community8 Small or concentrated contributor base Maturity79 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~211 days Recently: every ~357 days Total 12 Last Release 647d ago Major Versions V0.2.1 → V1.0.02018-04-15 V1.3.0 → V2.0.02022-07-11 V2.0.0 → v3.02024-08-05 PHP version history (4 changes)V0.0.1PHP ^7.1.3 V1.2.0PHP ^7.4 V1.3.0PHP ^7.4|^8.0 V2.0.0PHP ^8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/ebfa2dc9bcd9f9f7cea1f5473811d3c3904f60716e5605ab0d7208a9a6b81f09?d=identicon)[vaened](/maintainers/vaened) --- Top Contributors [![vaened](https://avatars.githubusercontent.com/u/15077850?v=4)](https://github.com/vaened "vaened (342 commits)") --- Tags authorizationsenealaravellaravel-authorizationpermissionsroleslaravelsecurityauthorizationaclpermissionenea ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/enea-laravel-authorization/health.svg) ``` [![Health](https://phpackages.com/badges/enea-laravel-authorization/health.svg)](https://phpackages.com/packages/enea-laravel-authorization) ``` ### Alternatives [efficiently/authority-controller AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access. 15533.2k](/packages/efficiently-authority-controller)[hosseinhezami/laravel-permission-manager Advanced permission manager for Laravel. 403.3k](/packages/hosseinhezami-laravel-permission-manager)[sourceboat/laravel-static-permission Define laravel permissions and roles by code 1018.0k](/packages/sourceboat-laravel-static-permission) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)