PHPackages maxinyugh/laravel-authz - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. maxinyugh/laravel-authz ActiveLibrary[Authentication & Authorization](/categories/authentication) maxinyugh/laravel-authz ======================= An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. v1.0.4(6y ago)029Apache-2.0PHP Since Mar 11Pushed 6y agoCompare [ Source](https://github.com/maxinyugh/laravel-authz)[ Packagist](https://packagist.org/packages/maxinyugh/laravel-authz)[ RSS](/packages/maxinyugh-laravel-authz/feed)WikiDiscussions master Synced today READMEChangelog (2)Dependencies (4)Versions (8)Used By (0) Laravel Authorization ======================= [](#----laravel-authorization) **Laravel-authz is an authorization library for the laravel framework.** [ ![Build Status](https://camo.githubusercontent.com/cc089f195cfef62d619ececec44bdbd4c46d2593db9b995f56a515a2b7b06634/68747470733a2f2f7472617669732d63692e6f72672f7068702d63617362696e2f6c61726176656c2d617574687a2e7376673f6272616e63683d6d6173746572) ](https://travis-ci.org/php-casbin/laravel-authz) [ ![Coverage Status](https://camo.githubusercontent.com/bca0cbc15e468d6078cf0cb33dcc73a28edd7094952f273cde05deb5d0c5daec/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f7068702d63617362696e2f6c61726176656c2d617574687a2f62616467652e737667) ](https://coveralls.io/github/php-casbin/laravel-authz) [ ![Latest Stable Version](https://camo.githubusercontent.com/5e2d24b312186c6eeb0c723a9fc22b6c1d9c4406d2dc51a6698a657ea7378e4c/68747470733a2f2f706f7365722e707567782e6f72672f63617362696e2f6c61726176656c2d617574687a2f762f737461626c65) ](https://packagist.org/packages/casbin/laravel-authz) [ ![Total Downloads](https://camo.githubusercontent.com/f7ebd19f57511937e71245fc7756b01b8e7ee61030fc35f9a69660bd3c4794c4/68747470733a2f2f706f7365722e707567782e6f72672f63617362696e2f6c61726176656c2d617574687a2f646f776e6c6f616473) ](https://packagist.org/packages/casbin/laravel-authz) [ ![License](https://camo.githubusercontent.com/8fae11fe02f6b540835dbfaee8e697e39d6c697764a496243211f2ff07562a03/68747470733a2f2f706f7365722e707567782e6f72672f63617362696e2f6c61726176656c2d617574687a2f6c6963656e7365) ](https://packagist.org/packages/casbin/laravel-authz) It's based on [Casbin](https://github.com/php-casbin/php-casbin), an authorization library that supports access control models like ACL, RBAC, ABAC. All you need to learn to use `Casbin` first. - [Installation](#installation) - [Usage](#usage) - [Quick start](#quick-start) - [Using Enforcer Api](#using-enforcer-api) - [Using a middleware](#using-a-middleware) - [basic Enforcer Middleware](#basic-enforcer-middleware) - [HTTP Request Middleware ( RESTful is also supported )](#http-request-middleware--restful-is-also-supported-) - [Using artisan commands](#using-artisan-commands) - [Cache](#using-cache) - [Thinks](#thinks) - [License](#license) Installation ------------ [](#installation) Require this package in the `composer.json` of your Laravel project. This will download the package. ``` composer require casbin/laravel-authz ``` The `Lauthz\LauthzServiceProvider` is `auto-discovered` and registered by default, but if you want to register it yourself: Add the ServiceProvider in `config/app.php` ``` 'providers' => [ /* * Package Service Providers... */ Lauthz\LauthzServiceProvider::class, ] ``` The Enforcer facade is also `auto-discovered`, but if you want to add it manually: Add the Facade in `config/app.php` ``` 'aliases' => [ // ... 'Enforcer' => Lauthz\Facades\Enforcer::class, ] ``` To publish the config, run the vendor publish command: ``` php artisan vendor:publish ``` This will create a new model config file named `config/lauthz-rbac-model.conf` and a new lauthz config file named `config/lauthz.php`. To migrate the migrations, run the migrate command: ``` php artisan migrate ``` This will create a new table named `rules` Usage ----- [](#usage) ### Quick start [](#quick-start) Once installed you can do stuff like this: ``` use Enforcer; // adds permissions to a user Enforcer::addPermissionForUser('eve', 'articles', 'read'); // adds a role for a user. Enforcer::addRoleForUser('eve', 'writer'); // adds permissions to a rule Enforcer::addPolicy('writer', 'articles','edit'); ``` You can check if a user has a permission like this: ``` // to check if a user has permission if (Enforcer::enforce("eve", "articles", "edit")) { // permit eve to edit articles } else { // deny the request, show an error } ``` ### Using Enforcer Api [](#using-enforcer-api) It provides a very rich api to facilitate various operations on the Policy: Gets all roles: ``` Enforcer::getAllRoles(); // ['writer', 'reader'] ``` Gets all the authorization rules in the policy.: ``` Enforcer::getPolicy(); ``` Gets the roles that a user has. ``` Enforcer::getRolesForUser('eve'); // ['writer'] ``` Gets the users that has a role. ``` Enforcer::getUsersForRole('writer'); // ['eve'] ``` Determines whether a user has a role. ``` Enforcer::hasRoleForUser('eve', 'writer'); // true or false ``` Adds a role for a user. ``` Enforcer::addRoleForUser('eve', 'writer'); ``` Adds a permission for a user or role. ``` // to user Enforcer::addPermissionForUser('eve', 'articles', 'read'); // to role Enforcer::addPermissionForUser('writer', 'articles','edit'); ``` Deletes a role for a user. ``` Enforcer::deleteRoleForUser('eve', 'writer'); ``` Deletes all roles for a user. ``` Enforcer::deleteRolesForUser('eve'); ``` Deletes a role. ``` Enforcer::deleteRole('writer'); ``` Deletes a permission. ``` Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected). ``` Deletes a permission for a user or role. ``` Enforcer::deletePermissionForUser('eve', 'articles', 'read'); ``` Deletes permissions for a user or role. ``` // to user Enforcer::deletePermissionsForUser('eve'); // to role Enforcer::deletePermissionsForUser('writer'); ``` Gets permissions for a user or role. ``` Enforcer::getPermissionsForUser('eve'); // return array ``` Determines whether a user has a permission. ``` Enforcer::hasPermissionForUser('eve', 'articles', 'read'); // true or false ``` ### Using a middleware [](#using-a-middleware) This package comes with `EnforcerMiddleware`, `RequestMiddleware` middlewares. You can add them inside your `app/Http/Kernel.php` file. ``` protected $routeMiddleware = [ // ... // a basic Enforcer Middleware 'enforcer' => \Lauthz\Middlewares\EnforcerMiddleware::class, // an HTTP Request Middleware 'http_request' => \Lauthz\Middlewares\RequestMiddleware::class, ]; ``` #### basic Enforcer Middleware [](#basic-enforcer-middleware) Then you can protect your routes using middleware rules: ``` Route::group(['middleware' => ['enforcer:articles,read']], function () { // pass }); ``` #### HTTP Request Middleware ( RESTful is also supported ) [](#http-request-middleware--restful-is-also-supported-) If you need to authorize a Request,you need to define the model configuration first in `config/lauthz-rbac-model.conf`: ``` [request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [role_definition] g = _, _ [policy_effect] e = some(where (p.eft == allow)) [matchers] m = g(r.sub, p.sub) && r.sub == p.sub && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act) ``` Then, using middleware rules: ``` Route::group(['middleware' => ['http_request']], function () { Route::resource('photo', 'PhotoController'); }); ``` ### Using artisan commands [](#using-artisan-commands) You can create a policy from a console with artisan commands. To user: ``` php artisan policy:add eve,articles,read ``` To Role: ``` php artisan policy:add writer,articles,edit ``` Adds a role for a user: ``` php artisan role:assign eve writer ``` ### Using cache [](#using-cache) Authorization rules are cached to speed up performance. The default is off. Sets your own cache configs in Laravel's `config/lauthz.php`. ``` 'cache' => [ // changes whether Lauthz will cache the rules. 'enabled' => false, // cache store 'store' => 'default', // cache Key 'key' => 'rules', // ttl \DateTimeInterface|\DateInterval|int|null 'ttl' => 24 * 60, ], ``` Thinks ------ [](#thinks) [Casbin](https://github.com/php-casbin/php-casbin) in Laravel. You can find the full documentation of Casbin [on the website](https://casbin.org/). License ------- [](#license) This project is licensed under the [Apache 2.0 license](LICENSE). ### Health Score 29 — LowBetter than 60% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community10 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~32 days Recently: every ~10 days Total 7 Last Release 2424d ago Major Versions v0.2 → v1.0.02019-08-09 ### Community Maintainers ![](https://www.gravatar.com/avatar/ae92428185a0b68480806b1be333443549183c6c4eccf6128be4d7c07fbf52e0?d=identicon)[alukaduo](/maintainers/alukaduo) --- Top Contributors [![maxinyugh](https://avatars.githubusercontent.com/u/43026714?v=4)](https://github.com/maxinyugh "maxinyugh (10 commits)")[![ql2005](https://avatars.githubusercontent.com/u/1982911?v=4)](https://github.com/ql2005 "ql2005 (6 commits)")[![osindex](https://avatars.githubusercontent.com/u/4703215?v=4)](https://github.com/osindex "osindex (5 commits)")[![leeqvip](https://avatars.githubusercontent.com/u/35752209?v=4)](https://github.com/leeqvip "leeqvip (4 commits)") --- Tags laravelauthorizationaclpermissionrbacaccess-controlabaccasbinauthz ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/maxinyugh-laravel-authz/health.svg) ``` [![Health](https://phpackages.com/badges/maxinyugh-laravel-authz/health.svg)](https://phpackages.com/packages/maxinyugh-laravel-authz) ``` ### Alternatives [casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[casbin/casbin a powerful and efficient open-source access control library for php projects. 1.3k1.4M54](/packages/casbin-casbin)[casbin/think-authz An authorization library that supports access control models like ACL, RBAC, ABAC for ThinkPHP. 27918.5k6](/packages/casbin-think-authz)[casbin/webman-permission webman casbin permission plugin 523.4k2](/packages/casbin-webman-permission)[casbin/codeigniter-permission Associate users with roles and permissions, use Casbin in CodeIgniter4 Web Framework. 443.0k](/packages/casbin-codeigniter-permission)[efficiently/authority-controller AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access. 15433.2k](/packages/efficiently-authority-controller) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)