PHPackages                             roksta/laravel-roles - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. roksta/laravel-roles

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

roksta/laravel-roles
====================

Permissions and user roles manager for laravel

05PHP

Since Feb 14Pushed 7y ago1 watchersCompare

[ Source](https://github.com/roksta21/laravel-roles)[ Packagist](https://packagist.org/packages/roksta/laravel-roles)[ RSS](/packages/roksta-laravel-roles/feed)WikiDiscussions master Synced 2w ago

READMEChangelogDependenciesVersions (1)Used By (0)

Permissions Manager for laravel
===============================

[](#permissions-manager-for-laravel)

This package provides a simple method for managing users on a system. It lists all of the available routes defined in your application and takes advantage of the route name to give each user permission to visit each route separately. That means that each user needs explicit permissions to access each route. The package comes with already built views for user and role management, so all you need to do is create a new user and you will be able to immediately fine tune their role.

Installation
------------

[](#installation)

```
composer require roksta/laravel-roles
```

Configuration
-------------

[](#configuration)

Migrate the database to create the tables needed by the package.

```
php artisan migrate
```

Publish the config file

```
php artisan vendor:publish
```

and select the Roksta\\Permit\\PermissionsServiceProvider provider. This will create the permissions.php file within the config directory.

### Permissions.php

[](#permissionsphp)

Set the appropriate settings as described in the commennts.

- super\_admin\_user\_id is the user id to whom all the permissions are given to and has the right to set other user's permissions. This assumes the system already has a user in the user's table.
- route\_name\_prefix is the prefix of the name of the routes to protect. You must define your routes with a name and set a prefix.
- except arre the routes that may be prefixed by the route\_name\_prefix, eg, by grouping, but are not to be protected.

#### Example

[](#example)

routes/web.php

```
Route::get('/', 'HomeController@home')->name('home');

Route::group(['as' => 'admin.'], function() {
	Route::get('profile', 'ProfileController@show')->name('profile.show');
	Route::resource('users', 'UsersController');
});
```

Listing the routes displays the named routes as

```
php artisan route:list
+------+---------+----------------+---------------------+---------------------------
|Domain|Method   |URI             | Name                | Action
+------+---------+----------------+---------------------+--------------------------
|      | GET     |/               | home                |App\Http\Controlle
|      | GET     |/profile        | admin.profile.show  |App\Http\Controlle
|      | GET     |/users          | admin.users.index   |App\Http\Controlle
|      | GET     |/users/create   | admin.users.create  |App\Http\Controlle
|      | POST    |/users          | admin.users.store   |App\Http\Controlle
|      | GET     |/users/{id}     | admin.users.show    |App\Http\Controlle
|      | GET     |/users/{id}/edit| admin.users.edit    |App\Http\Controlle
|      | PUT     |/users/{id}     | admin.users.update  |App\Http\Controlle
|      | DELETE  |/users/{id}     | admin.users.destroy |App\Http\Controlle
```

Config/permissions.php

```
return [
	'super_admin_user_id' => 1,

	'route_name_prefix' => 'admin.',
	'route_path_prefix' => 'admin',

	'except' => [
		'profile.show',
		'users.index',
	],

	'controller_namespace' => 'App\Http\Controllers\Admin',
];
```

This means that

- '/' is not protected by any permissions as it does not fall within the 'admin.' route name prefix.
- Routes with names starting with 'admin.' will be protected. Users wishing to visit these routes will need to be granted permission or encounter a 403 error.
- '/profile' and '/users' will be exempted from these permissions and will be free to view.
- User with id 1 in the user's table will be given super admin permissions, meaning all rights to all routes.
- controller\_namespace defines the namespace where the controller UserPermissionsController resides.

Run

```
php artisan permissions:install
```

Returns

```
6 routes protected
Admin has been granted super admin permissions
```

Add `php \Roksta\Permit\VerifyPermissions::class` to your app\\Http\\Kernel.php in either $middlewareGroups or $routeMiddleware.

Create a controller in the controller\_namespace called UserPermissionsController as below:

```
namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use Roksta\Permit\UserPermissions;

class UserPermissionsController extends Controller
{
    use UserPermissions;
}
```

Create a controller in the controller\_namespace called RolePermissionsController as below:

```
namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use Roksta\Permit\RolePermissions;

class UserPermissionsController extends Controller
{
    use RolePermissions;
}
```

The above controllers are resource controllers that work out of the boox. However you may edit their functions here for a more tailored experience.

### Usage

[](#usage)

The package comes with a few routes to enable user permissions and roles management. The route path prefix is used for the routes, eg, in our example, the registered routes by the package are

```
+---------+----------------------------------+-------------------------------
|Method   |URI                               | Name
+---------+----------------+---------------------+---------------------------
| GET     |/admin/permissions/users          | admin.permissions.users.index
| GET     |/admin/permissions/users/{id}     | admin.permissions.users.show
| GET     |/admin/permissions/users/{id}/edit| admin.permissions.users.edit
| PUT     |/admin/permissions/users/{id}     | admin.permissions.users.update

| GET     |/admin/permissions/roles          | admin.permissions.roles.index
| GET     |/admin/permissions/roles/create   | admin.permissions.roles.create
| POST    |/admin/permissions/roles/store    | admin.permissions.roles.store
| GET     |/admin/permissions/roles/{id}     | admin.permissions.roles.show
| GET     |/admin/permissions/roles/{id}/edit| admin.permissions.roles.edit
| PUT     |/admin/permissions/roles/{id}     | admin.permissions.roles.update
| DELETE  |/admin/permissions/roles/{id}     | admin.permissions.roles.destroy
```

### Views

[](#views)

in your views, you may show or hide elements using the user model's sees() funtion, eg, in your links, you may choose to only show links that the user may follow to avoid unnecessary 403s. eg,

```
@if(auth()->user()->sees('admin.users.create'))
Create User
@endif
```

Only users who have permission to create a user will see the link.

Licence
-------

[](#licence)

This package is provided for open source use under the MIT Licence.

###  Health Score

19

—

LowBetter than 9% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity4

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity38

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/dd09ef96b0cad07f317de336c5187435d45d9a46b985a79b4b0b2e508b9ff64e?d=identicon)[sam\_roksta](/maintainers/sam_roksta)

---

Top Contributors

[![mbuthias21-lgtm](https://avatars.githubusercontent.com/u/247016240?v=4)](https://github.com/mbuthias21-lgtm "mbuthias21-lgtm (5 commits)")

### Embed Badge

![Health badge](/badges/roksta-laravel-roles/health.svg)

```
[![Health](https://phpackages.com/badges/roksta-laravel-roles/health.svg)](https://phpackages.com/packages/roksta-laravel-roles)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.2M17](/packages/kartik-v-yii2-password)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
