PHPackages ssntpl/laravel-acl - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. ssntpl/laravel-acl ActiveLibrary[Authentication & Authorization](/categories/authentication) ssntpl/laravel-acl ================== Laravel ACL package. v0.2.0(5mo ago)3437↓24.1%11MITPHPPHP ^8.0 Since Oct 9Pushed 5mo agoCompare [ Source](https://github.com/ssntpl/laravel-acl)[ Packagist](https://packagist.org/packages/ssntpl/laravel-acl)[ Docs](https://github.com/ssntpl/laravel-acl)[ RSS](/packages/ssntpl-laravel-acl/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (1)Versions (3)Used By (1) Laravel ACL =========== [](#laravel-acl) Laravel ACL is a framework-agnostic access control layer for Laravel 10/11/12 projects. It provides global and resource-scoped roles, explicit ALLOW/DENY permissions, permission implication trees, and cache-friendly lookups that plug straight into your existing Eloquent models through a reusable trait. Features -------- [](#features) - Global or resource-scoped role assignments stored via polymorphic pivots. - Permission inheritance (parent → child) with cached graph traversal. - Explicit ALLOW/DENY effects per role-permission pair layered on top of implied permissions. - Role assignment expirations and helper trait (`HasRoles`) for Eloquent subjects. - Cache invalidation hooks plus an `acl:cache-reset` artisan command. - First-class artisan tooling for creating permissions, roles, and assignments. - HTTP middleware for checking global roles or permissions in routes/controllers. Requirements ------------ [](#requirements) - PHP ^8.0 - Laravel framework ^10.0 | ^11.0 | ^12.0 Installation ------------ [](#installation) ``` composer require ssntpl/laravel-acl ``` 1. (Optional) Publish the config and migrations: ``` php artisan vendor:publish --tag=acl-config php artisan vendor:publish --tag=acl-migrations ``` 2. Run the migrations: ``` php artisan migrate ``` Configuration (`config/acl.php`) -------------------------------- [](#configuration-configaclphp) ``` return [ 'cache_ttl' => env('ACL_CACHE_TTL', 86400), ]; ``` - `cache_ttl` – lifetime (seconds) for cached permission trees and role lookups. Database schema --------------- [](#database-schema) Publishing the migration adds: TableKey columnsPurpose`acl_roles``name`, `resource_type`, `description`Defines each role; `resource_type` is `null` for global roles.`acl_permissions``name`, `resource_type`Defines permissions; names are unique.`acl_role_permissions``role_id`, `permission_id`, `effect`Pivot with ALLOW/DENY effect per permission.`acl_role_assignments``subject_type`, `subject_id`, `role_id`, optional `resource_*`, `expires_at`Links a subject (e.g., user) to a role, optionally scoped to a resource, with expiration support.`acl_permissions_implications``parent_permission_id`, `child_permission_id`Models permission implication trees (grant parent ⇒ grant child).Usage ----- [](#usage) ### 1. Add `HasRoles` to the authenticatable model [](#1-add-hasroles-to-the-authenticatable-model) ``` namespace App\Models; use Illuminate\Foundation\Auth\User as Authenticatable; use Ssntpl\LaravelAcl\Traits\HasRoles; class User extends Authenticatable { use HasRoles; } ``` ### 2. Create permissions [](#2-create-permissions) Interactive artisan flow: ``` php artisan acl:create-permission articles.publish "App\\Models\\Project" --implied="articles.read|articles.list" ``` Programmatically: ``` use Ssntpl\LaravelAcl\Models\Permission; $publish = Permission::create(['name' => 'articles.publish']); $read = Permission::firstOrCreate(['name' => 'articles.read']); $publish->children()->attach($read); // Publish implies read ``` ### 3. Create roles and attach permissions [](#3-create-roles-and-attach-permissions) ``` php artisan acl:create-role admin "App\\Models\\Project" "articles.read|articles.publish|comments.moderate" ``` In PHP you can use either `syncPermissions()` (implicit ALLOW) or `syncPermissionsWithEffect()`: ``` use Ssntpl\LaravelAcl\Models\Role; $role = Role::firstOrCreate([ 'name' => 'admin', 'resource_type' => App\Models\Project::class, ]); $role->syncPermissionsWithEffect([ $publish->id => 'ALLOW', $read->id => 'ALLOW', ]); ``` ### 4. Assign roles [](#4-assign-roles) Using the trait: ``` $user = User::find(1); $project = Project::find(42); $user->assignRole('admin', $project); // scoped role $user->assignRole('super-admin', null, now()->addMonth()); // global role with expiration ``` Using the command (handy for ops/support teams): ``` php artisan acl:assign-role admin App\\Models\\User:1 App\\Models\\Project:42 --expires-at="2025-12-31 23:59:59" ``` ### 5. Check roles & permissions [](#5-check-roles--permissions) ``` if ($user->hasRole('admin', $project)) { // subject is an admin of this project } $role = $user->getRole(); // global role assignment (resource = null) if ($role && $role->can('articles.publish')) { // allowed via direct or implied permission (and not explicitly denied) } ``` `removeRole($resource = null)` deletes an assignment, and calling `getRole($resource)` returns the underlying `Role` model instance if one exists and is not expired. HTTP middleware --------------- [](#http-middleware) Register the middleware aliases in `app/Http/Kernel.php`: ``` protected $middlewareAliases = [ 'check_global_role' => \Ssntpl\LaravelAcl\Http\Middleware\CheckGlobalRole::class, 'check_global_permission' => \Ssntpl\LaravelAcl\Http\Middleware\CheckGlobalPermission::class, ]; ``` Usage: ``` Route::get('/admin', fn () => 'ok')->middleware('check_global_role:admin|manager'); Route::post('/articles', fn () => 'ok')->middleware('check_global_permission:articles.publish|articles.create'); ``` Both middleware assume global assignments (resource is `null`) when evaluating the authenticated subject. > The authenticated guard’s model must use the `HasRoles` trait (or at least expose compatible `hasRole`/`getRole` methods) because the middleware works directly with `Auth::user()` without re-querying the database. Caching & invalidation -------------------------- [](#caching--invalidation) Role permissions and implied permission trees are cached per record using the configured TTL. Cache invalidation happens automatically when: - Permissions are created, updated, deleted, or their implication edges change. - Roles are updated or their pivot records change. - The `acl:cache-reset` command is executed. Run a full reset manually with: ``` php artisan acl:cache-reset ``` Artisan command reference ------------------------- [](#artisan-command-reference) CommandDescription`acl:create-permission`Create/update a permission and optionally attach implied permissions (supports interactive prompts).`acl:create-role`Create a role and assign permissions in one step.`acl:assign-role`Attach a role to a subject/resource pair with optional expiration.`acl:cache-reset`Flush cached permissions and role lookups.Support & contributing -------------------------- [](#support--contributing) - Issues: - Source: PRs are welcome. Please include reproduction steps or tests when reporting/patching bugs. ### Health Score 36 — LowBetter than 82% of packages Maintenance70 Regular maintenance activity Popularity22 Limited adoption so far Community14 Small or concentrated contributor base Maturity31 Early-stage or recently created project Bus Factor1 Top contributor holds 81.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~47 days Total 2 Last Release 167d ago PHP version history (2 changes)v0.1.0PHP \* v0.2.0PHP ^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/e1a881a558930fc707b2b26b51b5fa535947555a1bd08efef827fe2b9bdd24f1?d=identicon)[ssntpl](/maintainers/ssntpl) --- Top Contributors [![Abhishek5Sharma](https://avatars.githubusercontent.com/u/160742025?v=4)](https://github.com/Abhishek5Sharma "Abhishek5Sharma (9 commits)")[![sambhav-aggarwal](https://avatars.githubusercontent.com/u/4591834?v=4)](https://github.com/sambhav-aggarwal "sambhav-aggarwal (2 commits)") --- Tags laravelaclrolespermissionsrbacrole-based-access-controlaccess control listssntpl ### Embed Badge ![Health badge](/badges/ssntpl-laravel-acl/health.svg) ``` [![Health](https://phpackages.com/badges/ssntpl-laravel-acl/health.svg)](https://phpackages.com/packages/ssntpl-laravel-acl) ``` ### Alternatives [santigarcor/laratrust This package provides a flexible way to add Role-based Permissions to Laravel 2.3k5.4M43](/packages/santigarcor-laratrust)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[erag/laravel-role-permission A simple and easy-to-install role and permission management package for Laravel, supporting versions 10.x and 11.x 404.2k](/packages/erag-laravel-role-permission)[phpzen/laravel-rbac Role based access control for Laravel 5 383.2k](/packages/phpzen-laravel-rbac) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)