PHPackages                             mnshankar/role-based-authority - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. mnshankar/role-based-authority

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

mnshankar/role-based-authority
==============================

Modifies Authority-L4 to use Roles (instead of users) as the central unit of previlege management

v1.4(12y ago)323.8k10PHPPHP &gt;=5.3.0

Since Oct 11Pushed 12y ago5 watchersCompare

[ Source](https://github.com/mnshankar/RoleBasedAuthority)[ Packagist](https://packagist.org/packages/mnshankar/role-based-authority)[ RSS](/packages/mnshankar-role-based-authority/feed)WikiDiscussions master Synced 4w ago

READMEChangelogDependencies (2)Versions (5)Used By (0)

Laravel4 - RoleBasedAuthority
=============================

[](#laravel4---rolebasedauthority)

This is a simple package that provides role-based access control (RBAC) for Laravel4 applications.

It is very similar to Authority-L4 in that it provides a Laravel 4 shell around the "Authority" package. This package however focuses on managing permissions assigned to "roles" rather than "users".

After examining a whole host of authorization systems for Laravel, I finally settled on Authority

- Easy to understand and manage
- No other external dependencies
- Runs on PHP 5.3+
- Works exactly as advertised

(As far as authentication is concerned, I believe the stock laravel implementation works perfectly)

To install RoleBasedAuthority via composer:

```
"require": {
		"laravel/framework": "4.2.*",
		"mnshankar/role-based-authority": "dev-master"
	},

```

Run composer update to bring in the dependencies.

Add to Provider list (app.php):

```
'mnshankar\RoleBasedAuthority\RoleBasedAuthorityServiceProvider',

```

Add to Alias list (app.php):

```
'Authority'        => 'mnshankar\RoleBasedAuthority\Facades\Authority',

```

Run all migrations (Remember to setup your database config prior to doing this. Note that it contains a migration for the users table, and as such you might want to inspect the code prior to running):

```
php artisan migrate --package="mnshankar/role-based-authority"

```

Publish the configuration file:

```
php artisan config:publish mnshankar/role-based-authority

```

(this central config file is where you would put all your rules. In order to cache the "Authority" object, set 'cache' to true and specify cache\_ttl)

Create/Modify your User, Role and Permission models to permit relationships (many-to-many between users and roles, one-to-many between roles and permissions): User.php
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

[](#createmodify-your-user-role-and-permission-models-to-permit-relationshipsmany-to-many-between-users-and-roles-one-to-many-between-roles-and-permissionsuserphp)

```
...
public function roles() {
		return $this->belongsToMany('Role');
	}
public function hasRole($key)
    {
        foreach ($this->roles as $role) {
            if ($role->role_name === $key) {
                return true;
            }
        }
        return false;
    }
...

```

Role.php
--------

[](#rolephp)

```
class Role extends Eloquent
{
	public function permissions() {
		return $this->hasMany('Permission');
	}
}

```

Permission.php
--------------

[](#permissionphp)

```
class Permission extends Eloquent
{

}

```

The major changes from Authority are:

- DB migrations (include relationships between users,roles and permissions)
- The "type" field in table "permissions" is set to enum (allow/deny)
- Support for role inheritance (using the "inherited\_roleid" column in Roles)
- Config file changes (to loop through all user roles, and create rule list)
- Support for caching the Authority object (set 'cache' to true in config file)

Common usage pattern:

Once you have the tables setup (with users, roles and permissions), checking authorization within your application is fairly trivial. Here is some seed data to get you started:

```
--create a user (pwd must be hashed!)
INSERT INTO users VALUES ('1', 'LastName', 'FirstName', 'email@email.com', 'hashedpwd****', now(), now());

-- Establish roles. member inherits from guest and admin inherits from member
INSERT INTO roles VALUES ('1', 'guest', null, now(), now());
INSERT INTO roles VALUES ('2', 'member', '1', now(), now());
INSERT INTO roles VALUES ('3', 'admin', '2', now(), now());

-- Assign roles to users. Userid 1 has 'admin' role
INSERT INTO role_user(role_id, user_id) VALUES ('3', '1');

-- Setup Permissions table
-- ----------------------------
-- Role id 3 (admin) is allowed action "admin" on "all" resources
-- NOTE: 'all' - is a special resource that can be used as a wildcard
-- https://github.com/machuga/authority/blob/master/src/Authority/Rule.php#L101
-- Role id 2 (member) is allowed "create", "view" and "edit" actions on resource named 'album'
-- ----------------------------
INSERT INTO permissions VALUES ('1', '3', 'allow', 'admin', 'all', now(), now());
INSERT INTO permissions VALUES ('2', '2', 'allow', 'create', 'album', now(), now());
INSERT INTO permissions VALUES ('3', '2', 'allow', 'view', 'album', now(), now());
INSERT INTO permissions VALUES ('4', '2', 'allow', 'edit', 'album', now(), now());

```

The following snippets of code demonstrate methods of checking for appropriate privileges:

```
/***Check in controller - create() method of resource album***/
//checks if the logged in user has authority to create an album
//if person with admin or member role is logged in, they will be permitted. Not otherwise

Auth::loginUsingId(1);  //force login - testing only
if (Authority::cannot('create', 'album')) {
       App::abort('403', 'Sorry! Not authorized');
}

```

Adding a role-check can be accomplished using filters like so:

```
Route::filter('admin', function(){
    if (!Auth::user()->hasRole('admin'))
    {
        return App::abort('403', 'You are not authorized.');
    }
});

```

('admin' can then be used as a before filter)

For more instructions on usage and available options, please follow the writeup on authority-l4 (and authority)

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity29

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~84 days

Total

4

Last Release

4392d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/ec7d6db9c6a284d9ca1fb934910bb11c1eb3aaab1d9fc9daa5e92f98a43a37d6?d=identicon)[mnshankar](/maintainers/mnshankar)

---

Top Contributors

[![mnshankar](https://avatars.githubusercontent.com/u/2873887?v=4)](https://github.com/mnshankar "mnshankar (4 commits)")

---

Tags

authorizationrolesrbaclaravel4

### Embed Badge

![Health badge](/badges/mnshankar-role-based-authority/health.svg)

```
[![Health](https://phpackages.com/badges/mnshankar-role-based-authority/health.svg)](https://phpackages.com/packages/mnshankar-role-based-authority)
```

###  Alternatives

[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6783.6k5](/packages/hasinhayder-tyro)[hosseinhezami/laravel-permission-manager

Advanced permission manager for Laravel.

383.3k](/packages/hosseinhezami-laravel-permission-manager)[amdadulhaq/guard-laravel

Guard is Role and Permission management system for Laravel

135.5k](/packages/amdadulhaq-guard-laravel)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
