PHPackages goldoni/laravel-model-permissions - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. goldoni/laravel-model-permissions ActiveLibrary[Authentication & Authorization](/categories/authentication) goldoni/laravel-model-permissions ================================= Model-scoped and global permission sync, base policies, role provisioning, and Super Admin override (Spatie-compatible). v0.1.1(8mo ago)01MITPHPPHP ^8.2CI passing Since Sep 2Pushed 7mo agoCompare [ Source](https://github.com/fgoldoni/laravel-model-permissions)[ Packagist](https://packagist.org/packages/goldoni/laravel-model-permissions)[ Docs](https://github.com/fgoldoni/laravel-model-permissions)[ RSS](/packages/goldoni-laravel-model-permissions/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (3)Used By (0) 🌟 Laravel Model Permissions =========================== [](#-laravel-model-permissions) > Model-scoped **and** global permissions with a clean naming convention, optional Spatie integration, a reusable base policy, Super Admin override, and artisan sync tooling — built with SOLID principles. [![PHP](https://camo.githubusercontent.com/dc6c5e72655517268a9687dc57a92a13d73901bce5df28c0867be21faee9ca5f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e322b2d3737374242333f6c6f676f3d706870266c6f676f436f6c6f723d7768697465)](https://camo.githubusercontent.com/dc6c5e72655517268a9687dc57a92a13d73901bce5df28c0867be21faee9ca5f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e322b2d3737374242333f6c6f676f3d706870266c6f676f436f6c6f723d7768697465) [![License](https://camo.githubusercontent.com/f8df3091bbe1149f398a5369b2c39e896766f9f6efba3477c63e9b4aa940ef14/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e)](https://camo.githubusercontent.com/f8df3091bbe1149f398a5369b2c39e896766f9f6efba3477c63e9b4aa940ef14/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e) [![Spatie Optional](https://camo.githubusercontent.com/2f3f48caf9702b6f0126def20cc335cd2b91f2a63437df6b2d1a4e8f4e7568cb/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5370617469652d6f7074696f6e616c2d626c7565)](https://camo.githubusercontent.com/2f3f48caf9702b6f0126def20cc335cd2b91f2a63437df6b2d1a4e8f4e7568cb/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5370617469652d6f7074696f6e616c2d626c7565) --- ✨ Features ---------- [](#-features) - 🔑 **Permission keys**: `modelNameAbility` (camelCase), e.g. `userViewAny`, `orderUpdate`, `blogPostDeleteAny` - 🧱 **Policies**: `BaseModelPolicy` + `ChecksModelPermissions` trait - 🦸 **Super Admin**: configurable role bypass via `Gate::before` - 👥 **Roles**: Super Admin, Manager, User (configurable) - 🧩 **Global permissions** (not tied to any model), e.g. `impersonate` - ⚙️ **Artisan sync**: generate permissions, create roles, assign permissions - 🧠 **SOLID** design: services, interfaces, swappable repositories (Spatie or null) --- 📦 Installation -------------- [](#-installation) ``` composer require goldoni/laravel-model-permissions ``` > Spatie is optional but recommended for storing roles and permissions. ``` composer require spatie/laravel-permission php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider" php artisan migrate ``` Publish this package config: ``` php artisan vendor:publish --tag="model-permissions-config" ``` --- ⚙️ Configuration ---------------- [](#️-configuration) `config/model-permissions.php` (excerpt) ``` return [ 'guard_name' => 'web', 'super_admin_role' => 'Super Admin', 'roles' => [ 'super_admin' => 'Super Admin', 'manager' => 'Manager', 'user' => 'User', ], 'models' => [ App\Models\User::class, App\Models\Event::class, App\Models\Order::class, App\Models\Customer::class, ], 'abilities' => [ 'viewAny','view','create','update','delete','deleteAny', 'restore','restoreAny','forceDelete','forceDeleteAny', 'replicate','reorder','attach','attachAny','detach','detachAny', ], 'global_permissions' => [ 'impersonate','accessAdmin','viewReports', ], 'role_ability_map' => [ 'Super Admin' => ['*'], 'Manager' => ['viewAny','view','create','update','delete','deleteAny','restore','replicate','reorder','attach','attachAny','detach','detachAny'], 'User' => ['viewAny','view','create','update'], ], 'role_model_ability_map' => [ 'Manager' => [ App\Models\User::class => ['viewAny','view','update','delete','deleteAny'], App\Models\Event::class => ['*'], App\Models\Order::class => ['*'], App\Models\Customer::class => ['viewAny','view','create','update'], ], 'User' => [ App\Models\Ticket::class => ['viewAny','view','create'], App\Models\Order::class => ['viewAny','view'], App\Models\Event::class => ['viewAny','view'], ], ], 'role_global_permissions' => [ 'Super Admin' => ['*'], 'Manager' => ['viewReports','accessAdmin'], 'User' => [], ], ]; ``` --- 🚀 Quick Start ------------- [](#-quick-start) Generate permissions for your configured models and abilities: ``` php artisan model-permissions:sync ``` Preview without writing anything: ``` php artisan model-permissions:sync --dry ``` Create roles and assign permissions from the config maps: ``` php artisan model-permissions:sync --with-roles ``` Replace existing role assignments instead of adding: ``` php artisan model-permissions:sync --with-roles --reset ``` --- 🧭 Naming Convention ------------------- [](#-naming-convention) Permission key = `lcfirst(class_basename(Model)) . ucfirst(ability)` Examples: - `App\Models\User` + `viewAny` → `userViewAny` - `App\Models\Order` + `update` → `orderUpdate` - `App\Models\BlogPost` + `deleteAny` → `blogPostDeleteAny` Global permissions are plain strings, e.g. `impersonate`. --- 🧑‍⚖️ Using Policies ------------------- [](#‍️-using-policies) Extend the base policy and set the model class: ``` namespace App\Policies; use App\Models\Post; use Goldoni\ModelPermissions\Policies\BaseModelPolicy; class PostPolicy extends BaseModelPolicy { protected string $modelClass = Post::class; } ``` Register in your `AuthServiceProvider` as usual. Then authorize as you normally do: ``` $user->can('postUpdate'); $user->can('postDeleteAny'); ``` --- 🦸 Super Admin Override ---------------------- [](#-super-admin-override) If the authenticated user has the configured `super_admin_role` on the configured `guard_name`, all checks are allowed via `Gate::before`. Change both in the config to fit your app. --- 🌍 Global Permissions -------------------- [](#-global-permissions) Add any app-wide abilities under `global_permissions`, for example: ``` 'global_permissions' => ['impersonate','accessAdmin'] ``` Assign them per role via: ``` 'role_global_permissions' => [ 'Super Admin' => ['*'], 'Manager' => ['accessAdmin'], ] ``` Check them with: ``` $user->can('impersonate'); ``` --- 🧠 Architecture (SOLID) ---------------------- [](#-architecture-solid) - **Services**: - `SyncPermissionsService` (build + sync permission names) - `RoleAssignmentService` (resolve + assign role permissions) - **Interfaces**: - `AuthorizationRepositoryInterface` (storage abstraction) - `PermissionNamerInterface` (naming strategy) - **Repositories**: - `SpatieAuthorizationRepository` - `NullAuthorizationRepository` (no-op when Spatie is absent) This keeps the command thin and your domain logic testable and replaceable. --- 🧰 Troubleshooting ----------------- [](#-troubleshooting) - ❗ `BindingResolutionException` for services Run `composer dump-autoload -o` and ensure the service provider is auto-discovered (it is via `extra.laravel.providers`). - ❗ Permissions created but roles not updated Use `--with-roles` and optionally `--reset`. Ensure Spatie tables are migrated. - ❗ Super Admin does not bypass Verify the role name and guard in `config/model-permissions.php`, and that the user actually has the role on that guard. - ❗ Keys not matching your expectations Confirm models and abilities in config. Naming uses the class basename lowercased first letter + `ucfirst(ability)`. --- 🤝 Contributing -------------- [](#-contributing) Issues and PRs are welcome. Keep code PSR-12, no inline comments, English identifiers. --- 📄 License --------- [](#-license) MIT © Goldoni Bogning Fouotsa ``` ``` ### Health Score 29 — LowBetter than 60% of packages Maintenance63 Regular maintenance activity Popularity1 Limited adoption so far Community8 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 91.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~10 days Total 2 Last Release 242d ago PHP version history (2 changes)v0.1.0PHP ^8.4 v0.1.1PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/95da194c144c422b08b758a7188a10b5b14610288654bf5307143e0b15f49799?d=identicon)[fgoldoni](/maintainers/fgoldoni) --- Top Contributors [![fgoldoni](https://avatars.githubusercontent.com/u/23716281?v=4)](https://github.com/fgoldoni "fgoldoni (11 commits)")[![FouotsaTHAG](https://avatars.githubusercontent.com/u/235260992?v=4)](https://github.com/FouotsaTHAG "FouotsaTHAG (1 commits)") --- Tags spatielaravelauthorizationaclrolespermissionsnovapoliciesgatePolicylaravel-permissionmodel-permissionsglobal-permissions ### Embed Badge ![Health badge](/badges/goldoni-laravel-model-permissions/health.svg) ``` [![Health](https://phpackages.com/badges/goldoni-laravel-model-permissions/health.svg)](https://phpackages.com/packages/goldoni-laravel-model-permissions) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[pktharindu/nova-permissions Laravel Nova Grouped Permissions (ACL) 136387.1k](/packages/pktharindu-nova-permissions)[silvanite/novatoolpermissions Laravel Nova Permissions (Roles and Permission based Access Control (ACL)) 100256.7k2](/packages/silvanite-novatoolpermissions)[shanmuga/laravel-entrust This package provides a flexible solution to add ACL to Laravel 68312.9k2](/packages/shanmuga-laravel-entrust)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)