PHPackages phpzen/laravel-rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. phpzen/laravel-rbac ActiveLibrary[Authentication & Authorization](/categories/authentication) phpzen/laravel-rbac =================== Role based access control for Laravel 5 0.2(10y ago)383.2k16[3 PRs](https://github.com/phpzen/laravel-rbac/pulls)MITPHPPHP >=5.5.9 Since Jan 3Pushed 7y ago5 watchersCompare [ Source](https://github.com/phpzen/laravel-rbac)[ Packagist](https://packagist.org/packages/phpzen/laravel-rbac)[ RSS](/packages/phpzen-laravel-rbac/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (4)Used By (0) Laravel RBAC ============ [](#laravel-rbac) Super simple RBAC/ACL implementation for Laravel 5. Installation ------------ [](#installation) Require this package with composer ([Packagist](https://packagist.org/packages/phpzen/laravel-rbac)) using the following command ``` composer require phpzen/laravel-rbac ``` or modify your `composer.json` ``` "require": { ... "phpzen/laravel-rbac": "^0.2" } ``` then run `composer update`. After installation register the ServiceProvider to the `providers` array in `config/app.php` ``` PHPZen\LaravelRbac\RbacServiceProvider::class, ``` Publish migration files ``` $ php artisan vendor:publish --provider="PHPZen\LaravelRbac\RbacServiceProvider" --force ``` Run migrations ``` $ php artisan migrate ``` Add RBAC middleware to your `app/Http/Kernel.php` ``` protected $routeMiddleware = [ ... 'rbac' => '\PHPZen\LaravelRbac\Middleware\Rbac::class' ]; ``` Add Rbac trait to your `User` model ``` use PHPZen\LaravelRbac\Traits\Rbac; class User extends Authenticatable { use Rbac; ... } ``` Usage ----- [](#usage) ### Roles [](#roles) #### Create role [](#create-role) ``` $adminRole = new Role; $adminRole->name = 'Administrator'; $adminRole->slug = 'administrator'; $adminRole->description = 'System Administrator'; $adminRole->save(); $editorRole = new Role; $editorRole->name = 'Editor'; $editorRole->slug = 'editor'; $editorRole->description = 'Editor'; $editorRole->save(); ``` #### Assign role to user [](#assign-role-to-user) ``` $user = User::find(1); $user->roles()->attach($adminRole->id); ``` you can also assign multiple roles at once ``` $user->roles()->attach([$adminRole->id, $editorRole->id]); ``` #### Revoke role from user [](#revoke-role-from-user) ``` $user->roles()->detach($adminRole->id); ``` you can also revoke multiple roles at once ``` $user->roles()->detach([$adminRole->id, $editorRole->id]); ``` #### Sync roles [](#sync-roles) ``` $user->roles()->sync([$editorRole->id]); ``` Any role already assigned to user will be revoked if you don't pass its id to sync method. ### Permissions [](#permissions) #### Create permission [](#create-permission) ``` $createUser = new Permission; $createUser->name = 'Create user'; $createUser->slug = 'user.create'; $createUser->description = 'Permission to create user'; $createUser->save(); $updateUser = new Permission; $updateUser->name = 'Update user'; $updateUser->slug = 'user.update'; $updateUser->description = 'Permission to update user'; $updateUser->save(); ``` #### Assign permission to role [](#assign-permission-to-role) ``` $adminRole = Role::find(1); $adminRole->permissions()->attach($createUser->id); ``` you can also assign multiple permissions at once ``` $adminRole->permissions()->attach([$createUser->id, $updateUser->id]); ``` #### Revoke permission from role [](#revoke-permission-from-role) ``` $adminRole->permissions()->detach($createUser->id); ``` you can also revoke multiple permissions at once ``` $adminRole->permissions()->detach([$createUser->id, $updateUser->id]); ``` #### Sync permissions [](#sync-permissions) ``` $adminRole->permissions()->sync([$updateUser->id]); ``` Any permission already assigned to role will be revoked if you don't pass its id to sync method. ### Check user roles/permissions [](#check-user-rolespermissions) Roles and permissions can be checked on `User` instance using `hasRole` and `canDo` methods. ``` $isAdmin = Auth::user()->hasRole('administrator'); // pass role slug as parameter $isAdminOrEditor = Auth::user()->hasRole('administrator|editor'); // using OR operator $canUpdateUser = Auth::user()->canDo('update.user'); // pass permission slug as parameter $canUpdateOrCreateUser = Auth::user()->canDo('update.user|create.user'); // using OR operator ``` ### Protect routes [](#protect-routes) Laravel RBAC provides middleware to protect single route and route groups. Middleware expects 2 comma separated params: - **is** or **can** as first param - what to check (role/permission) - role/permission slug as second param ``` Route::get('/backend', [ 'uses' => 'BackendController@index', 'middleware' => ['auth', 'rbac:is,administrator'] ]); Route::get('/backend', [ 'uses' => 'BackendController@index', 'middleware' => ['auth', 'rbac:is,administrator|editor'] ]); Route::get('/dashboard', [ 'uses' => 'DashboardController@index', 'middleware' => ['auth', 'rbac:can,view.dashboard'] ]); Route::get('/dashboard', [ 'uses' => 'DashboardController@index', 'middleware' => ['auth', 'rbac:can,view.dashboard|view.statistics'] ]); ``` ### Blade directive [](#blade-directive) Laravel RBAC provides two Blade directives to check if user has role/permission assigned. Check for role ``` @ifUserIs('administrator') // show admin content here @else // sorry @endif @ifUserIs('administrator|editor') // show editor content here @else // sorry @endif ``` Check for permission ``` @ifUserCan('delete.user') // show delete button @endif @ifUserCan('delete.user|manage.user') // show delete button @endif ``` License ------- [](#license) Laravel RBAC is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT) ### Health Score 32 — LowBetter than 72% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity30 Limited adoption so far Community17 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 52.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~13 days Total 2 Last Release 3766d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/a85e4b0e056b9c73081588003d09ab4668833c4f54e857c4d180707f35e75bbe?d=identicon)[PHPZen](/maintainers/PHPZen) --- Top Contributors [![phpzen](https://avatars.githubusercontent.com/u/16389236?v=4)](https://github.com/phpzen "phpzen (11 commits)")[![msbytes](https://avatars.githubusercontent.com/u/24713293?v=4)](https://github.com/msbytes "msbytes (9 commits)")[![tal512](https://avatars.githubusercontent.com/u/4966359?v=4)](https://github.com/tal512 "tal512 (1 commits)") --- Tags laravelsecurityauthaclrolespermissionsrbac ### Embed Badge ![Health badge](/badges/phpzen-laravel-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/phpzen-laravel-rbac/health.svg)](https://phpackages.com/packages/phpzen-laravel-rbac) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[erag/laravel-role-permission A simple and easy-to-install role and permission management package for Laravel, supporting versions 10.x and 11.x 404.2k](/packages/erag-laravel-role-permission) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)