PHPackages smart-crowd/laravel-rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. smart-crowd/laravel-rbac ActiveLibrary[Authentication & Authorization](/categories/authentication) smart-crowd/laravel-rbac ======================== Laravel RBAC implementation. v0.1.3(10y ago)151.3k8[1 issues](https://github.com/SmartCrowd/laravel-rbac/issues)MITPHP Since Jul 14Pushed 9y ago11 watchersCompare [ Source](https://github.com/SmartCrowd/laravel-rbac)[ Packagist](https://packagist.org/packages/smart-crowd/laravel-rbac)[ RSS](/packages/smart-crowd-laravel-rbac/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)Dependencies (4)Versions (8)Used By (0) Laravel RBAC ============ [](#laravel-rbac) Laravel 5 RBAC implementation Package was inspired by RBAC module from Yii Framework Installation ------------ [](#installation) 1. Run ``` composer require "smart-crowd/laravel-rbac":"dev-master" ``` 2. Add service provider and facade into `/config/app.php` file. ``` 'providers' => [ ... SmartCrowd\Rbac\RbacServiceProvider::class, ], ... 'aliases' => [ ... 'Rbac' => 'SmartCrowd\Rbac\Facades\Rbac' ] ``` 3. Publish package configs ``` php artisan vendor:publish ``` 4. Implement `Assignable` contract in your user model. And use `AllowedTrait`. ``` use SmartCrowd\Rbac\Traits\AllowedTrait; use SmartCrowd\Rbac\Contracts\Assignable; class User extends Model implements Assignable { use AllowedTrait; /** * Should return array of permissions and roles names, * assigned to user. * * @return array Array of user assignments. */ public function getAssignments() { // your implementation here } ... } ``` Usage ----- [](#usage) 1. Describe you permissions in `/Rbac/items.php` 2. Use inline in code ``` if (Auth::user()->allowed('article.delete', ['article' => $article])) { // user has access to 'somePermission.name' permission } ``` 3. Or in middleware ``` Route::delete('/articles/{article}', [ 'middleware' => 'rbac:article.delete', 'uses' => 'ArticlesController@delete' ]); ``` Of course, don't forget to register middleware in `/Http/Kernel.php` file ``` protected $routeMiddleware = [ ... 'rbac' => 'SmartCrowd\Rbac\Middleware\RbacMiddleware', ]; ``` To use route parameters in business rules as models instead just ids, you should bind it in `RouteServicePrivider.php`: ``` public function boot(Router $router) { //... $router->model('article', '\App\Article'); parent::boot($router); } ``` There are 3 ways to bind permission name to action name: - middleware paramenter - bind they directelly in `/Rbac/actions.php` file - name permission like action, for example `article.edit` for `ArticleController@edit` action 4. Or in your views ``` @allowed('article.edit', ['article' => $article]) edit @else You can not edit this article @endallowed ``` If `rbac.shortDirectives` option are enabled, you can use shorter forms of directives, like this: ``` @allowedArticleEdit(['article' => $article]) {{ $some }} @endallowed @allowedIndex {{ $some }} @endallowed ``` ### Context Roles [](#context-roles) In some cases, you may want to have dynamically assigned roles. For example, the role `groupModerator` is dynamic, because depending on the current group, the current user may have this role, or may not have. In our terminology, this role are "Context Role", and current group is "Role Context". The context decides which additional context roles will be assigned to the current user. In our case, `Group` model should implement `RbacContext` interface, and method `getAssignments($user)`. When checking is enough to send context model among other parameters: ``` @allowed('group.post.delete', ['post' => $post, 'group' => $group]) // or $post->group post delete button @endallowed ``` But for automatic route check in middleware we usually send only post without group: ``` Route::delete('/post/{post}', [ 'middleware' => 'rbac:group.post.delete', 'uses' => 'PostController@delete' ]); ``` For this case you can implement `RbacContextAccesor` intarface by `Post` model. `getContext()` method should return `Group` model. Then you just have to send only the post, and context roles will be applied in middleware to: ``` @allowed('group.post.delete', ['post' => $post]) post delete button @endallowed ``` You can not do that, if you send context with subject: ``` Route::delete('/group/{group}/post/{post}', [ 'middleware' => 'rbac:group.post.delete', 'uses' => 'PostController@delete' ]); ``` ### Health Score 32 — LowBetter than 72% of packages Maintenance19 Infrequent updates — may be unmaintained Popularity25 Limited adoption so far Community18 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 90.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~123 days Total 5 Last Release 3470d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/2529340?v=4)[Paul Klementyev](/maintainers/klermonte)[@klermonte](https://github.com/klermonte) --- Top Contributors [![klermonte](https://avatars.githubusercontent.com/u/2529340?v=4)](https://github.com/klermonte "klermonte (38 commits)")[![irelic](https://avatars.githubusercontent.com/u/6594384?v=4)](https://github.com/irelic "irelic (2 commits)")[![Antarus66](https://avatars.githubusercontent.com/u/7629380?v=4)](https://github.com/Antarus66 "Antarus66 (1 commits)")[![yuriy-smolin](https://avatars.githubusercontent.com/u/15191040?v=4)](https://github.com/yuriy-smolin "yuriy-smolin (1 commits)") --- Tags laravelaclrbacrole-based-access-control ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/smart-crowd-laravel-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/smart-crowd-laravel-rbac/health.svg)](https://phpackages.com/packages/smart-crowd-laravel-rbac) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[hosseinhezami/laravel-permission-manager Advanced permission manager for Laravel. 403.3k](/packages/hosseinhezami-laravel-permission-manager)[erag/laravel-role-permission A simple and easy-to-install role and permission management package for Laravel, supporting versions 10.x and 11.x 404.2k](/packages/erag-laravel-role-permission) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)