PHPackages                             smart-crowd/laravel-rbac - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. smart-crowd/laravel-rbac

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

smart-crowd/laravel-rbac
========================

Laravel RBAC implementation.

v0.1.3(10y ago)151.3k8[1 issues](https://github.com/SmartCrowd/laravel-rbac/issues)MITPHP

Since Jul 14Pushed 9y ago11 watchersCompare

[ Source](https://github.com/SmartCrowd/laravel-rbac)[ Packagist](https://packagist.org/packages/smart-crowd/laravel-rbac)[ RSS](/packages/smart-crowd-laravel-rbac/feed)WikiDiscussions master Synced today

READMEChangelog (4)Dependencies (4)Versions (8)Used By (0)

Laravel RBAC
============

[](#laravel-rbac)

Laravel 5 RBAC implementation

Package was inspired by RBAC module from Yii Framework

Installation
------------

[](#installation)

1. Run

    ```
    composer require "smart-crowd/laravel-rbac":"dev-master"
    ```
2. Add service provider and facade into `/config/app.php` file.

    ```
    'providers' => [
        ...

        SmartCrowd\Rbac\RbacServiceProvider::class,
    ],
    ...

    'aliases' => [
        ...

        'Rbac' => 'SmartCrowd\Rbac\Facades\Rbac'
    ]
    ```
3. Publish package configs

    ```
    php artisan vendor:publish
    ```
4. Implement `Assignable` contract in your user model. And use `AllowedTrait`.

    ```
    use SmartCrowd\Rbac\Traits\AllowedTrait;
    use SmartCrowd\Rbac\Contracts\Assignable;

    class User extends Model implements Assignable
    {
        use AllowedTrait;

        /**
         * Should return array of permissions and roles names,
         * assigned to user.
         *
         * @return array Array of user assignments.
         */
        public function getAssignments()
        {
            // your implementation here
        }
        ...
    }
    ```

Usage
-----

[](#usage)

1. Describe you permissions in `/Rbac/items.php`
2. Use inline in code

    ```
    if (Auth::user()->allowed('article.delete', ['article' => $article])) {
        // user has access to 'somePermission.name' permission
    }
    ```
3. Or in middleware

    ```
    Route::delete('/articles/{article}', [
        'middleware' => 'rbac:article.delete',
        'uses' => 'ArticlesController@delete'
    ]);
    ```

    Of course, don't forget to register middleware in `/Http/Kernel.php` file

    ```
    protected $routeMiddleware = [
        ...
        'rbac' => 'SmartCrowd\Rbac\Middleware\RbacMiddleware',
    ];
    ```

    To use route parameters in business rules as models instead just ids, you should bind it in `RouteServicePrivider.php`:

    ```
    public function boot(Router $router)
    {
        //...
        $router->model('article', '\App\Article');

        parent::boot($router);
    }
    ```

    There are 3 ways to bind permission name to action name:

    - middleware paramenter
    - bind they directelly in `/Rbac/actions.php` file
    - name permission like action, for example `article.edit` for `ArticleController@edit` action
4. Or in your views

    ```
    @allowed('article.edit', ['article' => $article])
        edit
    @else
        You can not edit this article
    @endallowed
    ```

    If `rbac.shortDirectives` option are enabled, you can use shorter forms of directives, like this:

    ```
    @allowedArticleEdit(['article' => $article])
        {{ $some }}
    @endallowed

    @allowedIndex
        {{ $some }}
    @endallowed
    ```

### Context Roles

[](#context-roles)

In some cases, you may want to have dynamically assigned roles. For example, the role `groupModerator` is dynamic, because depending on the current group, the current user may have this role, or may not have. In our terminology, this role are "Context Role", and current group is "Role Context". The context decides which additional context roles will be assigned to the current user. In our case, `Group` model should implement `RbacContext` interface, and method `getAssignments($user)`.

When checking is enough to send context model among other parameters:

```
@allowed('group.post.delete', ['post' => $post, 'group' => $group]) // or $post->group
    post delete button
@endallowed
```

But for automatic route check in middleware we usually send only post without group:

```
Route::delete('/post/{post}', [
    'middleware' => 'rbac:group.post.delete',
    'uses' => 'PostController@delete'
]);
```

For this case you can implement `RbacContextAccesor` intarface by `Post` model. `getContext()` method should return `Group` model. Then you just have to send only the post, and context roles will be applied in middleware to:

```
@allowed('group.post.delete', ['post' => $post])
    post delete button
@endallowed
```

You can not do that, if you send context with subject:

```
Route::delete('/group/{group}/post/{post}', [
    'middleware' => 'rbac:group.post.delete',
    'uses' => 'PostController@delete'
]);
```

###  Health Score

32

—

LowBetter than 69% of packages

Maintenance19

Infrequent updates — may be unmaintained

Popularity25

Limited adoption so far

Community18

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 90.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~123 days

Total

5

Last Release

3516d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/2529340?v=4)[Paul Klementyev](/maintainers/klermonte)[@klermonte](https://github.com/klermonte)

---

Top Contributors

[![klermonte](https://avatars.githubusercontent.com/u/2529340?v=4)](https://github.com/klermonte "klermonte (38 commits)")[![irelic](https://avatars.githubusercontent.com/u/6594384?v=4)](https://github.com/irelic "irelic (2 commits)")[![Antarus66](https://avatars.githubusercontent.com/u/7629380?v=4)](https://github.com/Antarus66 "Antarus66 (1 commits)")[![yuriy-smolin](https://avatars.githubusercontent.com/u/15191040?v=4)](https://github.com/yuriy-smolin "yuriy-smolin (1 commits)")

---

Tags

laravelaclrbacrole-based-access-control

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/smart-crowd-laravel-rbac/health.svg)

```
[![Health](https://phpackages.com/badges/smart-crowd-laravel-rbac/health.svg)](https://phpackages.com/packages/smart-crowd-laravel-rbac)
```

###  Alternatives

[spatie/laravel-permission

Permission handling for Laravel 12 and up

12.9k102.4M1.4k](/packages/spatie-laravel-permission)[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M346](/packages/psalm-plugin-laravel)[illuminate/database

The Illuminate Database package.

2.8k54.9M11.6k](/packages/illuminate-database)[laravel/ai

The official AI SDK for Laravel.

1.0k3.2M194](/packages/laravel-ai)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M151](/packages/laravel-mcp)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k3.9M129](/packages/bezhansalleh-filament-shield)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
