PHPackages                             enriko/laravel-attribute-restrictor - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. enriko/laravel-attribute-restrictor

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

enriko/laravel-attribute-restrictor
===================================

For Laravel. Easy way to restrict access to specified attributes in a Model

v1.0.0(1y ago)012GPL-3.0-or-laterPHPPHP ^8.2

Since Jan 25Pushed 1y ago1 watchersCompare

[ Source](https://github.com/Rikolik/LaravelAttributeRestrictor)[ Packagist](https://packagist.org/packages/enriko/laravel-attribute-restrictor)[ RSS](/packages/enriko-laravel-attribute-restrictor/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (1)Dependencies (2)Versions (2)Used By (0)

LaravelAttributeRestrictor
==========================

[](#laravelattributerestrictor)

This package offers an easy way to hide specific attributes from a model to specific situations. You can hide important data to specific users by using a trait with a couple of methods. Every other place that uses the model's data, will be restricted

How to use
----------

[](#how-to-use)

### Install

[](#install)

Install the package from [packagist](https://packagist.org/packages/enriko/laravel-attribute-restrictor) using composer:

```
composer require enriko/laravel-attribute-restrictor
```

(**Recomended**) Publish the config file:

```
php artisan vendor:publish --tag=config
```

### Configure

[](#configure)

Add the **RestrictedAttributes** Trait to your *model*:

```
use Enriko\LaravelAttributeRestrictor\Traits\RestrictedAttributes;

class User extends Authenticatable
{
    use RestrictedAttributes;
    // ...
}
```

Choose the attributes you wish to restrict with the **getRestrictedAttributes** method:

```
public static function getRestrictedAttributes(): array
{
    return [
        'name',
        'email'
    ];
}
```

Define the **restrictions conditions** by:

#### Specific definition using getAttributeRestrictions

[](#specific-definition-using-getattributerestrictions)

If the attribute's condition is ***false***, the attribute will be replaced:

```
public static function getAttributeRestrictions($attr): callable|bool
{
    return match ($attr) {
        'name' => fn() => Auth::user()->can('see_names'), // varies by user
        'email' => false, // always restricts
        default => true // doesn't restrict
    };
}
```

#### Specific definition using array

[](#specific-definition-using-array)

Same as the previous options, but expects an array returning method:

```
public static function getAttributeRestrictionsArray(): array
{
    return [
        'name' => fn() => Auth::user()->can('see_names'), // varies by user
        'email' => false, // always restricts
    ];
}
```

#### Globally restriction

[](#globally-restriction)

Defines a single restriction, if it's false, ***all*** attributes defined on **getRestrictedAttributes** will be restricted

```
public static function getGlobalRestriction() : callable|bool {
    return Auth::user()->can('see_sensitive_data');
}
```

### Define the substitute text

[](#define-the-substitute-text)

If the attribute is restricted, you can return something else in it's place. If you **published** the *config* file, you can modify it on:

> root\\config\\enriko\\attribute-restriction.php

But, you can also set individual messages for the model using the **getReplacedText** method:

```
private function getReplacedText()
{
    return 'You can't see user information';
}
```

### Get the data

[](#get-the-data)

Finally, when you **get** the model's data, it will validate the restrictions. If your user pass, it'll see the info, unchanged. If not, it'll be replaced by the substitute restriction text.

#### Examples

[](#examples)

Imagine a User model with the following data:

idnameaccount\_number1Foo123452Bar555553Baz00220Normally, if you use **$User-&gt;get()**, you will get:

```
{
    id: 1,
    name: 'Foo',
    account_number: '12345'
},
{
    id: 2,
    name: 'Bar',
    account_number: '55555'
}
{
    id: 3,
    name: 'Baz',
    account_number: '00220'
}
```

Now, let's say we configure the **account\_number** as restricted. If the user can't access this information, **$User-&gt;get()** will return:

```
{
    id: 1,
    name: 'Foo',
    account_number: 'Restricted'
},
{
    id: 2,
    name: 'Bar',
    account_number: 'Restricted'
}
{
    id: 3,
    name: 'Baz',
    account_number: 'Restricted'
}
```

Same thing for using **$User-&gt;only(\['name', 'account\_number'\])** and **$User-&gt;account\_number**.

#### Get *original* data

[](#get-original-data)

Sometimes, you might want to deal with the data, in this case, you don't want it to be substituted by some generic text.

Fundamentally, the restriction works as another cast, so you can ignore with by using **getRawOriginal**:

```
// $User = 'Foo'
$User->getRawOriginal('account_number'); // will return 12345, no matter what
```

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance42

Moderate activity, may be stable

Popularity5

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity50

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

472d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/c588965cc54f0cca810ca377f049691ff6bd2825b9a31fe834f42291f741dbd2?d=identicon)[enriko](/maintainers/enriko)

---

Top Contributors

[![Rikolik](https://avatars.githubusercontent.com/u/37848292?v=4)](https://github.com/Rikolik "Rikolik (18 commits)")

---

Tags

laravelsecuritypermissionrolespermissionscastingcast

### Embed Badge

![Health badge](/badges/enriko-laravel-attribute-restrictor/health.svg)

```
[![Health](https://phpackages.com/badges/enriko-laravel-attribute-restrictor/health.svg)](https://phpackages.com/packages/enriko-laravel-attribute-restrictor)
```

###  Alternatives

[spatie/laravel-permission

Permission handling for Laravel 12 and up

12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[wnikk/laravel-access-rules

Simple system of ACR (access control rules) for Laravel, with roles, groups, unlimited inheritance and possibility of multiplayer use.

103.6k1](/packages/wnikk-laravel-access-rules)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)