PHPackages nick-scalewest/laravel-authz - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. nick-scalewest/laravel-authz ActiveLibrary[Authentication & Authorization](/categories/authentication) nick-scalewest/laravel-authz ============================ An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 1.0.4(2y ago)03181Apache-2.0PHPPHP >=7.1.0 Since Mar 28Pushed 2y agoCompare [ Source](https://github.com/nick-scalewest/laravel-authz)[ Packagist](https://packagist.org/packages/nick-scalewest/laravel-authz)[ RSS](/packages/nick-scalewest-laravel-authz/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (9)Versions (6)Used By (0) Laravel Authorization ======================= [](#----laravel-authorization) **Laravel-authz is an authorization library for the laravel framework.** [ ![Build Status](https://github.com/php-casbin/laravel-authz/workflows/build/badge.svg?branch=master) ](https://github.com/php-casbin/laravel-authz/actions) [ ![Coverage Status](https://camo.githubusercontent.com/bca0cbc15e468d6078cf0cb33dcc73a28edd7094952f273cde05deb5d0c5daec/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f7068702d63617362696e2f6c61726176656c2d617574687a2f62616467652e737667) ](https://coveralls.io/github/php-casbin/laravel-authz) [ ![Latest Stable Version](https://camo.githubusercontent.com/5e2d24b312186c6eeb0c723a9fc22b6c1d9c4406d2dc51a6698a657ea7378e4c/68747470733a2f2f706f7365722e707567782e6f72672f63617362696e2f6c61726176656c2d617574687a2f762f737461626c65) ](https://packagist.org/packages/casbin/laravel-authz) [ ![Total Downloads](https://camo.githubusercontent.com/f7ebd19f57511937e71245fc7756b01b8e7ee61030fc35f9a69660bd3c4794c4/68747470733a2f2f706f7365722e707567782e6f72672f63617362696e2f6c61726176656c2d617574687a2f646f776e6c6f616473) ](https://packagist.org/packages/casbin/laravel-authz) [ ![License](https://camo.githubusercontent.com/8fae11fe02f6b540835dbfaee8e697e39d6c697764a496243211f2ff07562a03/68747470733a2f2f706f7365722e707567782e6f72672f63617362696e2f6c61726176656c2d617574687a2f6c6963656e7365) ](https://packagist.org/packages/casbin/laravel-authz) It's based on [Casbin](https://github.com/php-casbin/php-casbin), an authorization library that supports access control models like ACL, RBAC, ABAC. All you need to learn to use `Casbin` first. - [Installation](#installation) - [Usage](#usage) - [Quick start](#quick-start) - [Using Enforcer Api](#using-enforcer-api) - [Using a middleware](#using-a-middleware) - [basic Enforcer Middleware](#basic-enforcer-middleware) - [HTTP Request Middleware ( RESTful is also supported )](#http-request-middleware--restful-is-also-supported-) - [Multiple enforcers](#multiple-enforcers) - [Using artisan commands](#using-artisan-commands) - [Cache](#using-cache) - [Thinks](#thinks) - [License](#license) Installation ------------ [](#installation) Require this package in the `composer.json` of your Laravel project. This will download the package. ``` composer require casbin/laravel-authz ``` The `Lauthz\LauthzServiceProvider` is `auto-discovered` and registered by default, but if you want to register it yourself: Add the ServiceProvider in `config/app.php` ``` 'providers' => [ /* * Package Service Providers... */ Lauthz\LauthzServiceProvider::class, ] ``` The Enforcer facade is also `auto-discovered`, but if you want to add it manually: Add the Facade in `config/app.php` ``` 'aliases' => [ // ... 'Enforcer' => Lauthz\Facades\Enforcer::class, ] ``` To publish the config, run the vendor publish command: ``` php artisan vendor:publish ``` This will create a new model config file named `config/lauthz-rbac-model.conf` and a new lauthz config file named `config/lauthz.php`. To migrate the migrations, run the migrate command: ``` php artisan migrate ``` This will create a new table named `rules` Usage ----- [](#usage) ### Quick start [](#quick-start) Once installed you can do stuff like this: ``` use Enforcer; // adds permissions to a user Enforcer::addPermissionForUser('eve', 'articles', 'read'); // adds a role for a user. Enforcer::addRoleForUser('eve', 'writer'); // adds permissions to a rule Enforcer::addPolicy('writer', 'articles','edit'); ``` You can check if a user has a permission like this: ``` // to check if a user has permission if (Enforcer::enforce("eve", "articles", "edit")) { // permit eve to edit articles } else { // deny the request, show an error } ``` ### Using Enforcer Api [](#using-enforcer-api) It provides a very rich api to facilitate various operations on the Policy: Gets all roles: ``` Enforcer::getAllRoles(); // ['writer', 'reader'] ``` Gets all the authorization rules in the policy.: ``` Enforcer::getPolicy(); ``` Gets the roles that a user has. ``` Enforcer::getRolesForUser('eve'); // ['writer'] ``` Gets the users that has a role. ``` Enforcer::getUsersForRole('writer'); // ['eve'] ``` Determines whether a user has a role. ``` Enforcer::hasRoleForUser('eve', 'writer'); // true or false ``` Adds a role for a user. ``` Enforcer::addRoleForUser('eve', 'writer'); ``` Adds a permission for a user or role. ``` // to user Enforcer::addPermissionForUser('eve', 'articles', 'read'); // to role Enforcer::addPermissionForUser('writer', 'articles','edit'); ``` Deletes a role for a user. ``` Enforcer::deleteRoleForUser('eve', 'writer'); ``` Deletes all roles for a user. ``` Enforcer::deleteRolesForUser('eve'); ``` Deletes a role. ``` Enforcer::deleteRole('writer'); ``` Deletes a permission. ``` Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected). ``` Deletes a permission for a user or role. ``` Enforcer::deletePermissionForUser('eve', 'articles', 'read'); ``` Deletes permissions for a user or role. ``` // to user Enforcer::deletePermissionsForUser('eve'); // to role Enforcer::deletePermissionsForUser('writer'); ``` Gets permissions for a user or role. ``` Enforcer::getPermissionsForUser('eve'); // return array ``` Determines whether a user has a permission. ``` Enforcer::hasPermissionForUser('eve', 'articles', 'read'); // true or false ``` See [Casbin API](https://casbin.org/docs/management-api#reference) for more APIs. ### Using a middleware [](#using-a-middleware) This package comes with `EnforcerMiddleware`, `RequestMiddleware` middlewares. You can add them inside your `app/Http/Kernel.php` file. ``` protected $routeMiddleware = [ // ... // a basic Enforcer Middleware 'enforcer' => \Lauthz\Middlewares\EnforcerMiddleware::class, // an HTTP Request Middleware 'http_request' => \Lauthz\Middlewares\RequestMiddleware::class, ]; ``` #### basic Enforcer Middleware [](#basic-enforcer-middleware) Then you can protect your routes using middleware rules: ``` Route::group(['middleware' => ['enforcer:articles,read']], function () { // pass }); ``` #### HTTP Request Middleware ( RESTful is also supported ) [](#http-request-middleware--restful-is-also-supported-) If you need to authorize a Request,you need to define the model configuration first in `config/lauthz-rbac-model.conf`: ``` [request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [role_definition] g = _, _ [policy_effect] e = some(where (p.eft == allow)) [matchers] m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act) ``` Then, using middleware rules: ``` Route::group(['middleware' => ['http_request']], function () { Route::resource('photo', 'PhotoController'); }); ``` ### Multiple enforcers [](#multiple-enforcers) If you need multiple permission controls in your project, you can configure multiple enforcers. In the lauthz file, it should be like this: ``` return [ 'default' => 'basic', 'basic' => [ 'model' => [ // ... ], 'adapter' => Lauthz\Adapters\DatabaseAdapter::class, // ... ], 'second' => [ 'model' => [ // ... ], 'adapter' => Lauthz\Adapters\DatabaseAdapter::class, // ... ], ]; ``` Then you can choose which enforcers to use. ``` Enforcer::guard('second')->enforce("eve", "articles", "edit"); ``` ### Using artisan commands [](#using-artisan-commands) You can create a policy from a console with artisan commands. To user: ``` php artisan policy:add eve,articles,read ``` To Role: ``` php artisan policy:add writer,articles,edit ``` Adds a role for a user: ``` php artisan role:assign eve writer ``` ### Using cache [](#using-cache) Authorization rules are cached to speed up performance. The default is off. Sets your own cache configs in Laravel's `config/lauthz.php`. ``` 'cache' => [ // changes whether Lauthz will cache the rules. 'enabled' => false, // cache store 'store' => 'default', // cache Key 'key' => 'rules', // ttl \DateTimeInterface|\DateInterval|int|null 'ttl' => 24 * 60, ], ``` Thinks ------ [](#thinks) [Casbin](https://github.com/php-casbin/php-casbin) in Laravel. You can find the full documentation of Casbin [on the website](https://casbin.org/). License ------- [](#license) This project is licensed under the [Apache 2.0 license](LICENSE). ### Health Score 23 — LowBetter than 27% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity13 Limited adoption so far Community13 Small or concentrated contributor base Maturity40 Maturing project, gaining track record Bus Factor1 Top contributor holds 65.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~8 days Total 5 Last Release 743d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/1b6e2e4673bbe0ff753edbf4593e2d1f26d8752364f15596bdcb4bab99dce8c1?d=identicon)[nick-scalewest](/maintainers/nick-scalewest) --- Top Contributors [![leeqvip](https://avatars.githubusercontent.com/u/35752209?v=4)](https://github.com/leeqvip "leeqvip (38 commits)")[![basakest](https://avatars.githubusercontent.com/u/47746206?v=4)](https://github.com/basakest "basakest (10 commits)")[![osindex](https://avatars.githubusercontent.com/u/4703215?v=4)](https://github.com/osindex "osindex (5 commits)")[![donjan-deng](https://avatars.githubusercontent.com/u/8256490?v=4)](https://github.com/donjan-deng "donjan-deng (2 commits)")[![jay-youngn](https://avatars.githubusercontent.com/u/15716336?v=4)](https://github.com/jay-youngn "jay-youngn (2 commits)")[![dawn-darkest](https://avatars.githubusercontent.com/u/90238991?v=4)](https://github.com/dawn-darkest "dawn-darkest (1 commits)") --- Tags laravelauthorizationaclpermissionrbacaccess-controlabaccasbinauthz ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/nick-scalewest-laravel-authz/health.svg) ``` [![Health](https://phpackages.com/badges/nick-scalewest-laravel-authz/health.svg)](https://phpackages.com/packages/nick-scalewest-laravel-authz) ``` ### Alternatives [casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[casbin/casbin a powerful and efficient open-source access control library for php projects. 1.3k1.4M54](/packages/casbin-casbin)[casbin/think-authz An authorization library that supports access control models like ACL, RBAC, ABAC for ThinkPHP. 27918.5k6](/packages/casbin-think-authz)[casbin/webman-permission webman casbin permission plugin 523.4k2](/packages/casbin-webman-permission)[casbin/codeigniter-permission Associate users with roles and permissions, use Casbin in CodeIgniter4 Web Framework. 443.0k](/packages/casbin-codeigniter-permission)[hosseinhezami/laravel-permission-manager Advanced permission manager for Laravel. 403.3k](/packages/hosseinhezami-laravel-permission-manager) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)