PHPackages                             laravelplus/fortress - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. laravelplus/fortress

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

laravelplus/fortress
====================

Fortress is a powerful Laravel package designed to streamline and enhance attribute-based authorization through middleware. It acts as the ultimate security gatekeeper for your application, ensuring that only the right users with the correct attributes gain access to specific resources.

v1.0.2(1y ago)132.0k↓91.8%3[1 PRs](https://github.com/LaravelPlus/fortress/pulls)MITPHPPHP ^8.2

Since Dec 18Pushed 1y ago1 watchersCompare

[ Source](https://github.com/LaravelPlus/fortress)[ Packagist](https://packagist.org/packages/laravelplus/fortress)[ Docs](https://github.com/laravelplus/fortress)[ RSS](/packages/laravelplus-fortress/feed)WikiDiscussions master Synced today

READMEChangelog (3)Dependencies (8)Versions (5)Used By (0)

LaravelPlus Fortress
====================

[](#laravelplus-fortress)

 [![accessibility text](icon.png)](icon.png)

[![Latest Version on Packagist](https://camo.githubusercontent.com/2d5f2e36f7536b87cd6dc0208e16ead9bcf9f288b967195f9c9495babe4cf102/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c61726176656c706c75732f666f7274726573732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/laravelplus/fortress)[![Total Downloads](https://camo.githubusercontent.com/ce38ec161f967adfe2f84b6b2892b2e00044a161eafe097e990a00fa7dbcf2d7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6c61726176656c706c75732f666f7274726573732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/laravelplus/fortress)[![GitHub Actions](https://github.com/laravelplus/fortress/actions/workflows/main.yml/badge.svg)](https://github.com/laravelplus/fortress/actions/workflows/main.yml/badge.svg)

**Fortress** is a powerful Laravel package designed to streamline attribute-based authorization. By leveraging the `#[Authorize]` attribute, it provides a declarative and clean approach to securing your Laravel application. Whether managing roles, permissions, gates, or ownership rules, Fortress ensures security is flexible, robust, and easy to implement.

---

Key Features
------------

[](#key-features)

- **Attribute-Based Authorization**: Use `#[Authorize]` attributes for roles, permissions, gates, and ownership checks.
- **Simplifies Middleware Logic**: Declarative syntax removes clutter from middleware, keeping it clean and readable.
- **Ownership Validation**: Validate ownership with configurable keys and default behaviors.
- **Laravel 11 Support**: Fully compatible with Laravel 11 and follows PSR standards.
- **Customizable Configuration**: Flexible configuration for roles, permissions, gates, and ownership rules.

---

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require laravelplus/fortress
```

### Configuration

[](#configuration)

Append Middleware where you need it:

```
$middleware->web(append: [
    ...
    Laravelplus\Fortress\Middleware\AttributeAuthorizationMiddleware::class,
]);

```

To publish the configuration file, run:

```
php artisan vendor:publish --provider="Laravelplus\\Fortress\\FortressServiceProvider"
```

The configuration file will be published at `config/fortress.php`. Customize default values for ownership keys, gates, and more.

---

Usage
-----

[](#usage)

### Applying the `#[Authorize]` Attribute

[](#applying-the-authorize-attribute)

Add the `#[Authorize]` attribute to your controller methods to enforce authorization:

```
use Laravelplus\Fortress\Attributes\Authorize;

class PostController
{
    #[Authorize(
        public: false,
        roles: ['admin', 'editor'],
        permissions: ['create', 'update'],
        owner: App\Models\Post::class,
        overrideKey: 'author_id'
    )]
    public function update(Request $request, $id)
    {
        // Update logic
    }
}
```

### How It Works

[](#how-it-works)

- **Roles**: Ensures the user has one of the specified roles (`admin` or `editor`).
- **Permissions**: Validates the user has `create` or `update` permissions.
- **Ownership**: Checks if the authenticated user is the owner of the `Post` model by comparing `author_id` with the user's `id`.

### Example Scenarios

[](#example-scenarios)

#### Example 1: Public Endpoint

[](#example-1-public-endpoint)

Allow unauthenticated users to access a method:

```
#[Authorize(public: true)]
public function show($id)
{
    // This method is accessible by everyone
}
```

#### Example 2: Role and Permission Validation

[](#example-2-role-and-permission-validation)

Restrict access based on roles and permissions:

```
#[Authorize(roles: ['manager'], permissions: ['approve-leave'])]
public function approveLeave(Request $request)
{
    // This method is accessible only by managers with approve-leave permission
}
```

#### Example 3: Ownership Validation

[](#example-3-ownership-validation)

Restrict access to resources owned by the authenticated user:

```
#[Authorize(owner: App\Models\Comment::class, overrideKey: 'user_id')]
public function editComment(Request $request, $id)
{
    // Accessible only if the comment belongs to the authenticated user
}
```

#### Example 4: Gate Validation

[](#example-4-gate-validation)

Use Laravel gates to control access:

```
#[Authorize(gates: 'edit-settings')]
public function settings()
{
    // This method is accessible if the "edit-settings" gate returns true
}
```

---

Testing
-------

[](#testing)

To run the package's test suite:

```
composer test
```

Example output:

```
PHPUnit 11.0.0 by Sebastian Bergmann and contributors.

.............                                                    22 / 22 (100%)

Time: 00:00.410, Memory: 26.00 MB
OK (22 tests, 60 assertions)
```

---

Changelog
---------

[](#changelog)

See the [CHANGELOG](CHANGELOG.md) for details about recent changes.

---

Contributing
------------

[](#contributing)

Contributions are welcome! Please see the [CONTRIBUTING](CONTRIBUTING.md) file for details on how to contribute.

---

Security
--------

[](#security)

If you discover any security-related issues, please email  instead of using the issue tracker.

---

Credits
-------

[](#credits)

- **Author**: [Nejcc](https://github.com/nejcc)
- **Contributors**: [All Contributors](../../contributors)

---

License
-------

[](#license)

This package is licensed under the MIT License. See the [LICENSE](LICENSE.md) file for details.

---

Download
--------

[](#download)

You can download the package here:
[Packagist - Laravel Fortress](https://packagist.org/packages/laravelplus/fortress)

###  Health Score

36

—

LowBetter than 79% of packages

Maintenance40

Moderate activity, may be stable

Popularity26

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 77.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

3

Last Release

562d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/4e4629de002c40aef796e5b320091892f0b7b35b62497260c52cef3eb721eed1?d=identicon)[Nejcc](/maintainers/Nejcc)

---

Top Contributors

[![Nejcc](https://avatars.githubusercontent.com/u/6236128?v=4)](https://github.com/Nejcc "Nejcc (21 commits)")[![nejcdev](https://avatars.githubusercontent.com/u/66303179?v=4)](https://github.com/nejcdev "nejcdev (3 commits)")[![zackAJ](https://avatars.githubusercontent.com/u/101515566?v=4)](https://github.com/zackAJ "zackAJ (3 commits)")

---

Tags

laravelPlusfortress

###  Code Quality

TestsPHPUnit

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/laravelplus-fortress/health.svg)

```
[![Health](https://phpackages.com/badges/laravelplus-fortress/health.svg)](https://phpackages.com/packages/laravelplus-fortress)
```

###  Alternatives

[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k3.9M130](/packages/bezhansalleh-filament-shield)[althinect/filament-spatie-roles-permissions

3481.1M10](/packages/althinect-filament-spatie-roles-permissions)[binary-cats/laravel-rbac

Laravel enum-backed RBAC extension of spatie/laravel-permission

7838.1k](/packages/binary-cats-laravel-rbac)[waguilar33/filament-guardian

Role and permission management for Filament

162.3k](/packages/waguilar33-filament-guardian)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
