PHPackages farhoudi/laravel-rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. farhoudi/laravel-rbac ActiveLibrary[Authentication & Authorization](/categories/authentication) farhoudi/laravel-rbac ===================== Role based access control for Laravel 5+ 1.2.0(5y ago)262MITPHPPHP >=5.6.0 Since Nov 6Pushed 5y ago1 watchersCompare [ Source](https://github.com/farhoudi/laravel-rbac)[ Packagist](https://packagist.org/packages/farhoudi/laravel-rbac)[ RSS](/packages/farhoudi-laravel-rbac/feed)WikiDiscussions master Synced 2d ago READMEChangelog (1)Dependencies (1)Versions (4)Used By (0) Laravel RBAC ============ [](#laravel-rbac) Laravel Role Based Access Control for Laravel 5+. Installation ------------ [](#installation) Require via composer: ``` composer require farhoudi/laravel-rbac:^1 ``` Register service provider to the `providers` array in `config/app.php` ``` Farhoudi\Rbac\RbacServiceProvider::class, ``` Publish migration files ``` $ php artisan vendor:publish --provider="Farhoudi\Rbac\RbacServiceProvider" ``` Run migrations ``` $ php artisan migrate ``` Add RBAC middleware to your `app/Http/Kernel.php` ``` protected $routeMiddleware = [ 'permission' => 'Farhoudi\Rbac\Middleware\HasPermission::class', 'role' => 'Farhoudi\Rbac\Middleware\HasRole::class', ]; ``` Add Rbac trait to your `User` model ``` use Farhoudi\Rbac\Rbac; class User extends Authenticatable { use Rbac; ... } ``` Usage ----- [](#usage) ### Roles [](#roles) #### Create role [](#create-role) ``` $adminRole = new Role; $adminRole->name = 'Administrator'; $adminRole->slug = 'administrator'; $adminRole->description = 'System Administrator'; $adminRole->save(); $editorRole = new Role; $editorRole->name = 'Editor'; $editorRole->slug = 'editor'; $editorRole->description = 'Editor'; $editorRole->save(); ``` #### Assign role to user [](#assign-role-to-user) ``` $user = User::find(1); $user->roles()->attach($adminRole->id); ``` you can also assign multiple roles at once ``` $user->roles()->attach([$adminRole->id, $editorRole->id]); ``` #### Revoke role from user [](#revoke-role-from-user) ``` $user->roles()->detach($adminRole->id); ``` you can also revoke multiple roles at once ``` $user->roles()->detach([$adminRole->id, $editorRole->id]); ``` #### Sync roles [](#sync-roles) ``` $user->roles()->sync([$editorRole->id]); ``` Any role already assigned to user will be revoked if you don't pass its id to sync method. ### Permissions [](#permissions) #### Create permission [](#create-permission) ``` $createUser = new Permission; $createUser->name = 'Create user'; $createUser->slug = 'user.create'; $createUser->description = 'Permission to create user'; $createUser->save(); $updateUser = new Permission; $updateUser->name = 'Update user'; $updateUser->slug = 'user.update'; $updateUser->description = 'Permission to update user'; $updateUser->save(); ``` #### Assign permission to role [](#assign-permission-to-role) ``` $adminRole = Role::find(1); $adminRole->permissions()->attach($createUser->id); ``` you can also assign multiple permissions at once ``` $adminRole->permissions()->attach([$createUser->id, $updateUser->id]); ``` #### Revoke permission from role [](#revoke-permission-from-role) ``` $adminRole->permissions()->detach($createUser->id); ``` you can also revoke multiple permissions at once ``` $adminRole->permissions()->detach([$createUser->id, $updateUser->id]); ``` #### Sync permissions [](#sync-permissions) ``` $adminRole->permissions()->sync([$updateUser->id]); ``` Any permission already assigned to role will be revoked if you don't pass its id to sync method. ### Check user roles/permissions [](#check-user-rolespermissions) Roles and permissions can be checked on `User` instance using `hasRole` and `canDo` methods. ``` $isAdmin = Auth::user()->hasRole('administrator'); // pass role slug as parameter $isAdminOrEditor = Auth::user()->hasRole('administrator|editor'); // using OR operator $canUpdateUser = Auth::user()->canDo('update.user'); // pass permission slug as parameter $canUpdateOrCreateUser = Auth::user()->canDo('update.user|create.user'); // using OR operator ``` ### Protect routes [](#protect-routes) Laravel RBAC provides middleware to protect single route and route groups. Middleware expects 2 comma separated params: - **is** or **can** as first param - what to check (role/permission) - role/permission slug as second param ``` Route::get('/backend', [ 'uses' => 'BackendController@index', 'middleware' => ['auth', 'rbac:is,administrator'] ]); Route::get('/backend', [ 'uses' => 'BackendController@index', 'middleware' => ['auth', 'rbac:is,administrator|editor'] ]); Route::get('/dashboard', [ 'uses' => 'DashboardController@index', 'middleware' => ['auth', 'rbac:can,view.dashboard'] ]); Route::get('/dashboard', [ 'uses' => 'DashboardController@index', 'middleware' => ['auth', 'rbac:can,view.dashboard|view.statistics'] ]); ``` ### Blade directive [](#blade-directive) Laravel RBAC provides two Blade directives to check if user has role/permission assigned. Check for role ``` @ifUserIs('administrator') // show admin content here @else // sorry @endif @ifUserIs('administrator|editor') // show editor content here @else // sorry @endif ``` Check for permission ``` @ifUserCan('delete.user') // show delete button @endif @ifUserCan('delete.user|manage.user') // show delete button @endif ``` License ------- [](#license) Laravel RBAC is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT) ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity11 Limited adoption so far Community7 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 2013d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/28bbf183b786873620d0c00d15b6090a3928642a8f45cbde50f2dde3987ca4d0?d=identicon)[farhoudi](/maintainers/farhoudi) --- Top Contributors [![farhoudi](https://avatars.githubusercontent.com/u/7499683?v=4)](https://github.com/farhoudi "farhoudi (11 commits)") --- Tags laravelaclpermissionrbacrole ### Embed Badge ![Health badge](/badges/farhoudi-laravel-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/farhoudi-laravel-rbac/health.svg)](https://phpackages.com/packages/farhoudi-laravel-rbac) ``` ### Alternatives [efficiently/authority-controller AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access. 15533.2k](/packages/efficiently-authority-controller)[itstructure/laravel-rbac Laravel package for RBAC manage 566.6k](/packages/itstructure-laravel-rbac)[dlnsk/h-rbac Based on native Laravel's gates and policies. Hierarchical RBAC with callbacks. 378.3k](/packages/dlnsk-h-rbac)[orchestra/auth Auth Component for Orchestra Platform 24108.5k3](/packages/orchestra-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)