
halaabdulmottleeb/bitmask-permissions
=====================================

A Laravel authorization package that uses bitmask-based permissions to support object-level (per-resource) access control.

v1.0.2 (today) · MIT · PHP ^8.2 · Since Jul 1 · Pushed today

[Source](https://github.com/halaabdulmottleeb/bitmask-permissions) · [Packagist](https://packagist.org/packages/halaabdulmottleeb/bitmask-permissions)

Bitmask Permissions
===================

A lightweight, high-performance authorization package for Laravel that stores permissions as **integer bitmasks** instead of relational pivot tables.

Every permission a subject holds on a resource is packed into a single integer column, so checks are a single indexed query with a bitwise `AND` — no joins, no pivot-row lookups. It supports both **object-level** (per-record) and **global** (resource-wide) grants out of the box.

Why bitmasks?
-------------

Traditional permission packages store each grant as one or more rows across several pivot tables. This package stores all of a subject's permissions on a given resource in one `BIGINT`:

| | Pivot-table approach | Bitmask (this package) |
|---|---|---|
| Storage per grant | multiple rows across pivot tables | a single integer column |
| Permission check | row lookups / joins | one bitwise `AND` in a single indexed query |
| Object-level permissions | not first-class | native (`resource_type` + nullable `resource_id`) |
| Combining permissions | insert / delete rows | bitwise `OR` / `AND` |

**Trade-off:** the number of distinct permissions per resource type is capped by the integer width (64 with `BIGINT`), and there are no built-in roles/caching helpers. It's optimized for fast, fine-grained, per-resource checks.

Requirements
------------

- PHP `^8.2`
- Laravel 10, 11, 12, or 13 (`illuminate/database`, `illuminate/support`)

Installation
------------

```
composer require halaabdulmottleeb/bitmask-permissions
```

The service provider is auto-discovered. Publish and run the migration:

```
php artisan vendor:publish --tag=bitmask-permissions-migrations
php artisan migrate
```

Optionally publish the config file to change the table name:

```
php artisan vendor:publish --tag=bitmask-permissions-config
```

Usage
-----

### 1. Define your permissions as bit values

Each permission is a single bit — use powers of two. An enum is a clean way to do this:

```
enum PostPermission: int
{
    case READ   = 1;   // 0001
    case WRITE  = 2;   // 0010
    case UPDATE = 4;   // 0100
    case DELETE = 8;   // 1000
}
```

### 2. Add the trait to any model that can hold permissions

```
use HalaAbdulmottleb\BitmaskPermissions\Traits\HasBitmaskPermissions;
use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    use HasBitmaskPermissions;
}
```

Any Eloquent model works as the **subject** (User, Team, ApiClient, ...) because the relation is polymorphic.

### 3. Grant, check, and revoke

```
$user->grantPermissionTo(PostPermission::READ->value, $post);
$user->grantPermissionTo(PostPermission::WRITE->value, $post);

$user->hasPermissionTo(PostPermission::READ->value, $post);  // true
$user->hasPermissionTo(PostPermission::DELETE->value, $post); // false

$user->revokePermission(PostPermission::WRITE->value, $post);
```

### Combining permissions

Because permissions are bits, you can grant several at once with a bitwise `OR`:

```
$user->grantPermissionTo(
    PostPermission::READ->value | PostPermission::WRITE->value,
    $post
);
```

`hasPermissionTo()` checks that **all** requested bits are present (`(mask & permission) = permission`).
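
A plain-PHP model of the mask arithmetic from steps 1 and 3 and of the all-bits check, added here as an example and not taken from the package. `permissionValueProblems()` and `hasAll()` are hypothetical helpers; the enum repeats the one from step 1.

```php
<?php
declare(strict_types=1);

enum PostPermission: int
{
    case READ   = 1;
    case WRITE  = 2;
    case UPDATE = 4;
    case DELETE = 8;
}

/** Hypothetical helper: list the problems found in a set of permission values. */
function permissionValueProblems(array $values): array
{
    $problems = [];
    $seen = 0;
    foreach ($values as $v) {
        if ($v <= 0) {
            // 0 satisfies (mask & 0) === 0 for every mask; negatives set the sign bit.
            $problems[] = "$v is not a positive bit value";
            continue;
        }
        if (($v & ($v - 1)) !== 0) {
            $problems[] = "$v sets more than one bit";
        }
        if (($seen & $v) !== 0) {
            $problems[] = "$v overlaps an earlier value";
        }
        $seen |= $v;
    }
    return $problems;
}

/** Model of the documented check: every requested bit must be present. */
function hasAll(int $mask, int $permission): bool
{
    return ($mask & $permission) === $permission;
}

$declared = array_map(fn (PostPermission $p): int => $p->value, PostPermission::cases());
$mask = PostPermission::READ->value | PostPermission::WRITE->value;
var_export([
    'enum problems'        => permissionValueProblems($declared),
    'bad set [1, 2, 3, 0]' => permissionValueProblems([1, 2, 3, 0]),
    'READ|WRITE held'      => hasAll($mask, PostPermission::READ->value | PostPermission::WRITE->value),
    'READ|DELETE held'     => hasAll($mask, PostPermission::READ->value | PostPermission::DELETE->value),
    'zero permission held' => hasAll(0, 0),
]);
```

A value of `0` passes the all-bits test against any mask, and a multi-bit value such as `3` silently stands for two permissions, so a check like this over each permission enum belongs in a unit test.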

### Global (resource-wide) grants

The `resource_id` column is nullable. A grant with a null `resource_id` applies to **every** record of that resource type, and `hasPermissionTo()` matches either the specific record or the global grant.

API
---

The `HasBitmaskPermissions` trait adds:

| Method | Description |
|---|---|
| `grantPermissionTo(int $permission, Model $resource)` | Adds the permission bit(s) for the subject on the resource. |
| `hasPermissionTo(int $permission, Model $resource): bool` | Returns `true` if the subject has all requested bits (record-specific or global). |
| `revokePermission(int $permission, Model $resource)` | Clears the permission bit(s) for the subject on the resource. |
| `grantPermissions(): MorphMany` | The underlying polymorphic relation to `PermissionGrant`. |

Configuration
-------------

`config/bitmask-permissions.php`:

```
return [
    'table' => 'permission_grants',
];
```

Schema
------

A single table holds everything:

- `subject_type` / `subject_id` — polymorphic owner of the permissions
- `resource_type` — the resource class (via morph map)
- `resource_id` — nullable; `null` means a global grant for that resource type
- `mask` — the bitmask of granted permissions
- unique on `(subject_type, subject_id, resource_type, resource_id)` — one row per subject–resource pair
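
The global-grant matching and the unique index described above, exercised against in-memory SQLite (the engine the package's tests use), as an added example rather than the package's own code. Column types, the index name `grants_unique`, the helpers `addRow()` and `holds()`, and the shape of the check query are assumptions; it needs the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);
// Constructed table shaped like the schema list; column types and the index
// name are assumptions, not the package's migration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE permission_grants (
    subject_type TEXT NOT NULL, subject_id INTEGER NOT NULL,
    resource_type TEXT NOT NULL, resource_id INTEGER NULL,
    mask INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('CREATE UNIQUE INDEX grants_unique ON permission_grants
    (subject_type, subject_id, resource_type, resource_id)');

/** Insert a constructed row for user 1 on "post"; false when the index rejects it. */
function addRow(PDO $pdo, ?int $resourceId, int $mask): bool
{
    $stmt = $pdo->prepare("INSERT INTO permission_grants VALUES ('user', 1, 'post', :rid, :mask)");
    $stmt->bindValue(':rid', $resourceId, $resourceId === null ? PDO::PARAM_NULL : PDO::PARAM_INT);
    $stmt->bindValue(':mask', $mask, PDO::PARAM_INT);
    try {
        return $stmt->execute();
    } catch (PDOException) {
        return false;
    }
}

/** Assumed shape of the check: record row or global row, all requested bits set. */
function holds(PDO $pdo, int $resourceId, int $permission): bool
{
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM permission_grants
        WHERE subject_type = 'user' AND subject_id = 1 AND resource_type = 'post'
          AND (resource_id = :rid OR resource_id IS NULL)
          AND (mask & :want) = :same");
    $stmt->bindValue(':rid', $resourceId, PDO::PARAM_INT);
    $stmt->bindValue(':want', $permission, PDO::PARAM_INT);
    $stmt->bindValue(':same', $permission, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn() > 0;
}

$report = [
    'duplicate row for post 42 accepted' => addRow($pdo, 42, 1) && addRow($pdo, 42, 2),
    'duplicate global row accepted'      => addRow($pdo, null, 1) && addRow($pdo, null, 8),
    'DELETE on post 7 via global row'    => holds($pdo, 7, 8),
];
// Record-level revoke of READ (bit 1) on post 42; the global row is untouched.
$pdo->exec('UPDATE permission_grants SET mask = mask & ~1 WHERE resource_id = 42');
$report['READ on post 42 after revoke'] = holds($pdo, 42, 1);
var_export($report);
```

SQLite treats `NULL`s as distinct in a unique index, as do MySQL and PostgreSQL by default, so the index alone does not limit a subject to one global row per resource type. Under the matching rule above, a record-level revoke also leaves a global grant in force, so access reviews need to look at both rows.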

Testing
-------

```
composer install
vendor/bin/pest
```

Tests run against an in-memory SQLite database via Orchestra Testbench.

License
-------

MIT © Hala Abdulmottleb

