PHPackages kordy/auzo - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. kordy/auzo AbandonedArchivedPackage[Authentication & Authorization](/categories/authentication) kordy/auzo ========== Central management interface for Laravel authorize v1.1.6(9y ago)101001MITPHP Since May 16Pushed 9y ago4 watchersCompare [ Source](https://github.com/thekordy/auzo)[ Packagist](https://packagist.org/packages/kordy/auzo)[ RSS](/packages/kordy-auzo/feed)WikiDiscussions master Synced 2mo ago READMEChangelog (8)Dependencies (5)Versions (9)Used By (0) Central management of Laravel authorization with database and user roles for Laravel 5.1, 5.2, and 5.3. Ever thought about a way to put a policy or condition on every permission as a restriction, something like: allow authenticated user to modify posts **Only if he is the post author** or **Only if he is in the same group as the author**or **Only if the post is not published** ... etc Not like other roles based packages, this package fills this gap by restricting user's role permission with a condition/policy, as it follows [Attribute-Based Access Controll (ABAC)](https://en.wikipedia.org/wiki/Attribute-Based_Access_Control) approach as Laravel authorize does. Database tables will be installed to store abilities, user roles, permissions, and custom condition/policy per each permission you give. [AuzoTools](https://github.com/thekordy/auzo-tools/) package is required and will be installed, it provides several great tools that facilitates Laravel authorize management. What you can do with this package: ---------------------------------- [](#what-you-can-do-with-this-package) 1. [Manage Abilities](#abilities) 2. [Manage Roles](#roles) 3. [Manage Conditions/Policies](#policies) 4. [Manage Permissions](#permissions) 5. [Generate abilities](#generate-abilities) Installation ============ [](#installation) You can install the package via composer: ``` composer require kordy/auzo ``` This service provider must be installed. ``` // config/app.php 'providers' => [ ... Kordy\Auzo\AuzoServiceProvider::class, Kordy\AuzoTools\AuzoToolsServiceProvider::class, ]; ``` You can publish the migrations with: ``` php artisan vendor:publish --provider="Kordy\Auzo\AuzoServiceProvider" --tag="migrations" ``` After the migration has been published you can create the role- and permission-tables by running the migrations: ``` php artisan migrate ``` You can publish the config file with: ``` php artisan vendor:publish --provider="Kordy\Auzo\AuzoServiceProvider" --tag="config" ``` Finally, you have to add the `HasRoleTrait` trait to the user's model where you want to assign roles to them. ``` // App\User.php class User extends ... { use ..., Kordy\Auzo\Traits\HasRoleTrait; ... ``` Customization ------------- [](#customization) You can replace or extend any model of the package through the configuration file, create your own class, use the model trait, modify any function, and just add the new class path in the config/auzo.php file. `config/auzo.php` contents: ``` /* /* |-------------------------------------------------------------------------- | Auzo Authorize Registrar |-------------------------------------------------------------------------- | | You may here add custom registrar where the Laravel Gate abilities are defined | */ 'registrar' => \Kordy\Auzo\Services\PermissionRegistrar::class, /* |-------------------------------------------------------------------------- | Auzo models paths |-------------------------------------------------------------------------- | | You may here add custom models paths to be used instead of models included | with the package | */ 'models' => [ 'user' => $user_model, 'ability' => \Kordy\Auzo\Models\Ability::class, 'policy' => \Kordy\Auzo\Models\Policy::class, 'permission' => \Kordy\Auzo\Models\Permission::class, 'role' => \Kordy\Auzo\Models\Role::class, ], ``` Usage ===== [](#usage) Abilities --------- [](#abilities) By default Laravel authorize abilities are [defined](https://laravel.com/docs/5.1/authorization#defining-abilities)statically through the service provider, this package gives more flexibility by creating them in the database and automatically defines them. Manage abilities using AuzoAbility Facade: ``` AuzoAbility::create([ 'name' => 'ability.name', 'label' => 'Abiliy Label', 'tag' => 'ability.tag' ]); ``` Manage abilities using `auzo:ability` artisan command: ``` # create new ability php artisan auzo:ability create 'ability.index' --label='Ability Index' --tag='ability' # delete ability php artisan auzo:ability delete 'ability.index' ``` Roles ----- [](#roles) Auzo approaches Role Based Access Control (RBAC) methodology, All users get their permissions "only" through their role, that is for better usability and scalability, and to maintain solid and non-conflict polices from different roles, "only" single role is allowed per user. Manage roles using AuzoRole Facade: ``` $role = AuzoRole::create([ 'name' => 'testRole', 'description' => 'test role description' ]); ``` Manage roles using `auzo:role` artisan command: ``` # create new role php artisan auzo:role create 'testRole' --description='testing role' # delete role php artisan auzo:role delete 'testRole' ``` Assign role to a user using `hasRole` trait relationship: ``` // by role instance $user->assignRole($role); // or by role id $user->assignRole(2); // or by role name $user->assignRole('testRole'); ``` Manage user role assignment using `auzo:user` artisan command: ``` # assign role to users php artisan auzo:user assign '1,2,3' 'SomeRole' # revoke role from users php artisan auzo:user revoke '1,2,3' 'SomeRole' ``` Policies -------- [](#policies) You can define custom conditions or as we name it here "policies", policy is a custom function (that you have created somewhere) which defines some conditions that have to be met before granting the permission to a user. example: grant a user permission if the user is the owner of the post. ``` // App\Post public function owner($ability, $role, $user, $model) { return $user->id == $model->usr_id; } ``` see [src/Services/AccessPolicies.php](https://github.com/thekordy/auzo/blob/master/src/Services/AccessPolicies.php) for more examples. Manage policies through AuzoPolicy Facade: ``` $policy = AuzoPolicy::create([ 'name' => 'Post Owner', 'method' => 'App\Post@owner', ]); ``` Manage policies using `auzo:policy` artisan command: ``` # create new policy php artisan auzo:policy create --name='Test Policy' --method='Controller@policy' # delete policy by id php artisan auzo:policy delete --id=1 ``` Permissions ----------- [](#permissions) Give role a permission to an ability: ``` // by ability instance $role->givePermissionTo($ability); // or by ability id $role->givePermissionTo(3); // or by array of abilities ids $role->givePermissionTo([1,3]); // or by ability name $role->givePermissionTo('ability.name'); // remove permission by passing ability name $role->removePermissionTo('ability.name'); ``` Give role a permission to an ability restricted by policy: ``` $role->givePermissionTo($ability->name) ->addPolicy($policy1) ->addPolicy([$policy2->id => ['operator' => 'or']]); ``` Using `auzo:permission` artisan command to manage permissions: ``` php artisan auzo:permission give 'testRole' 'ability.test,ability.test2' --policies='1,2:||' ``` if multiple policies applied, a default "AND" is applied between policies, unless you specified an operator at the time of adding policies to the permission. Generate abilities ------------------ [](#generate-abilities) This will use `GenerateAbilities` from [AuzoTools](https://github.com/thekordy/auzo-tools/)to generate all abilities (by default matching route source scheme) for a model and its fields, and saves them to the database abilities table. Through the GeneratAbilitiesToDB class: ``` $generator = new Kordy\Auzo\Services\GenerateAbilitiesToDB(); // generate only model CRUD abilities $generator->modelAbilities($model)->saveModelToDB(); // generate only fields CRUD abilities $generator->fieldsAbilities($model)->saveFieldsToDB(); // generate both model and fields CRUD abilities $generator->fullCrudAbilities($model)->saveToDB(); ``` Through the artisan command ``` php artisan auzo:ability generate 'App\Post' # or to generate only model abilities php artisan auzo:ability generate 'App\Post' --option=model # or to generate only fields abilities php artisan auzo:ability generate 'App\Post' --option=fields ``` This will generate and save all abilities below to abilities table: ``` [ [ 'name' => 'post.index', 'tag' => 'post', ], [ 'name' => 'post.create', 'tag' => 'post', ], [ 'name' => 'post.store', 'tag' => 'post', ], [ 'name' => 'post.show', 'tag' => 'post', ], [ 'name' => 'post.edit', 'tag' => 'post', ], [ 'name' => 'post.update', 'tag' => 'post', ], [ 'name' => 'post.destroy', 'tag' => 'post', ], [ 'name' => 'post.index.id', 'tag' => 'post.index', ], [ 'name' => 'post.create.id', 'tag' => 'post.create', ], [ 'name' => 'post.store.id', 'tag' => 'post.store', ], [ 'name' => 'post.show.id', 'tag' => 'post.show', ], [ 'name' => 'post.edit.id', 'tag' => 'post.edit', ], [ 'name' => 'post.update.id', 'tag' => 'post.update', ], [ 'name' => 'post.destroy.id', 'tag' => 'post.destroy', ], [ 'name' => 'post.index.name', 'tag' => 'post.index', ], [ 'name' => 'post.create.name', 'tag' => 'post.create', ], [ 'name' => 'post.store.name', 'tag' => 'post.store', ], .... ``` Credits ======= [](#credits) 1. Based on [laravel-permission package](https://github.com/spatie/laravel-permission)which is considered the best alternative for this package if you need multiple roles and direct permissions for users. 2. A lot of help from my friend [balping](https://github.com/balping) Contributing ============ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. License ======= [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 32 — LowBetter than 72% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity17 Limited adoption so far Community12 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor1 Top contributor holds 94.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~54 days Recently: every ~37 days Total 7 Last Release 3325d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/e4cf16c2b68fc5afed433096a811484f136e7f400ad37606bf79ac4a7fa43653?d=identicon)[kordy](/maintainers/kordy) --- Top Contributors [![thekordy](https://avatars.githubusercontent.com/u/11343048?v=4)](https://github.com/thekordy "thekordy (33 commits)")[![balping](https://avatars.githubusercontent.com/u/5840038?v=4)](https://github.com/balping "balping (2 commits)") --- Tags laravelaclpermissionauthorizerole ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/kordy-auzo/health.svg) ``` [![Health](https://phpackages.com/badges/kordy-auzo/health.svg)](https://phpackages.com/packages/kordy-auzo) ``` ### Alternatives [efficiently/authority-controller AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access. 15533.2k](/packages/efficiently-authority-controller)[dlnsk/h-rbac Based on native Laravel's gates and policies. Hierarchical RBAC with callbacks. 378.3k](/packages/dlnsk-h-rbac) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)