tanerkay/laravel-model-acl
==========================

Access control based on individual records / models

v0.4 · MIT · PHP ^8.1

[Source](https://github.com/tanerkay/laravel-model-acl) · [Packagist](https://packagist.org/packages/tanerkay/laravel-model-acl)

Model-based access control
==========================

An experiment in model-based access control for Laravel applications.

This was to address a shortcoming or two I found in Laravel policies and gates, though that is no longer the case.

This package allows record-level access control based on custom authorization rules.

This handles cases where you may have many records in a table, but each entity has its own rules for access control. For example, you may have a table of documents, and it's not a simple scenario where a user can edit their own documents, and view all others. Maybe the access of each document has to be set separately, e.g. document X can be edited by Bob & Jane, and viewed by the Staff group; whereas document Y can only be viewed by the Finance team.

Here's a demo of how you can use it:

```
use Illuminate\Database\Eloquent\Model;
use Tanerkay\ModelAcl\Traits\ModelBasedAccessControl;

class Report extends Model
{
    use ModelBasedAccessControl;

    // ...
}

// $report is a Report instance; can() throws if the access rules for 'view' are not met
$report->can('view');
```

Documentation
-------------

### Installation

```
composer require tanerkay/laravel-model-acl
```

You can publish the migration with:

```
php artisan vendor:publish --provider="Tanerkay\ModelAcl\ModelAclServiceProvider" --tag="model-acl-migrations"
```

```
php artisan migrate
```

You can optionally publish the config file with:

```
php artisan vendor:publish --provider="Tanerkay\ModelAcl\ModelAclServiceProvider" --tag="model-acl-config"
```

### Assigning access control rules to individual models

The `addAccessControl()` method can be used to add rules to individual models.

```
public function addAccessControl(
    string|array $abilities,
    object|array $ruleDefinitions,
    ?string $description = null
): void
```

It accepts:

- an ability name or list of abilities that can be used in calls to `can()`.
- an array of rule definitions, where each rule definition is an array containing a class string `'class'` and an array of arguments `'arguments'`.
- an optional description of the rule, which can be stored in the database alongside the rule definition.

For example, to restrict a certain post to moderators and admins:

```
use Tanerkay\ModelAcl\Rules\HasRole;

$post->addAccessControl('view', [
    [
        'class' => HasRole::class,
        'arguments' => ['admin', 'moderator'],
    ]
]);

// throws exception if $user->hasRole(['admin', 'moderator']) doesn't return true
$post->can('view');
```

The `HasRole` class assumes your `User` model has a method `hasRole()` that accepts a string or an array of strings. You can customize the name of the method using the env key `MODEL_ACL_AUTHENTICATABLE_HAS_ROLE`.

### Creating custom rules

For other rules or logic, you can construct your own Rule class which implements `\Tanerkay\ModelAcl\Contracts\RuleContract` or which extends the abstract class `\Tanerkay\ModelAcl\Rules\Rule`.

e.g.

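```
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Arr;
use Tanerkay\ModelAcl\Rules\Rule;
use Tanerkay\ModelAcl\Exceptions\AuthorizationException;

class IpWhitelistRule extends Rule
{
    public function authorize(?Authenticatable $user, $options): void
    {
        // Client address as seen by Laravel (depends on trusted-proxy configuration).
        $ip = request()->ip();
        // A missing 'ip_whitelist' option yields an empty list, so access is denied.
        $whitelist = Arr::wrap($options['ip_whitelist'] ?? []);

        // Strict comparison avoids PHP's loose type juggling.
        if (!in_array($ip, $whitelist, true)) {
            throw new AuthorizationException('IP address not in whitelist.');
        }
    }
}
```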

```
$site = Site::query()->create();

$site->addAccessControl('show', [
    [
        'class' => IpWhitelistRule::class,
        'options' => [
            'ip_whitelist' => ['127.0.0.1'],
        ],
    ]
]);

// throws exception if request()->ip() is not in the whitelist
$site->can('show');
```
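The rule above matches exact addresses only. The following added example (not part of the package or its README) extends the same pattern to CIDR ranges and shows how a caller can turn the thrown exception into a 403 response. The class name `IpRangeRule`, the option name `ip_ranges`, and the description string are assumptions made for this example; `IpUtils` comes from `symfony/http-foundation`, which Laravel already depends on.

```php
<?php

use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Arr;
use Symfony\Component\HttpFoundation\IpUtils;
use Tanerkay\ModelAcl\Exceptions\AuthorizationException;
use Tanerkay\ModelAcl\Rules\Rule;

// Hypothetical rule (not shipped with the package): like IpWhitelistRule above,
// but entries may be single addresses or CIDR ranges, IPv4 or IPv6.
class IpRangeRule extends Rule
{
    public function authorize(?Authenticatable $user, $options): void
    {
        // 'ip_ranges' is an option name assumed for this example.
        $ranges = array_filter(Arr::wrap($options['ip_ranges'] ?? []), 'is_string');

        // request()->ip() is the real client address only when Laravel's trusted
        // proxies are configured; behind a load balancer it is otherwise the proxy.
        $ip = request()->ip();

        // Fail closed: a missing or empty list, or an unknown client IP, denies access.
        // IpUtils::checkIp() performs subnet-aware matching.
        if ($ip === null || $ranges === [] || !IpUtils::checkIp($ip, $ranges)) {
            throw new AuthorizationException('IP address not in allowed ranges.');
        }
    }
}

// Attach the rule to one record, using the 'options' key as in the example above.
$site = Site::query()->create();
$site->addAccessControl('show', [
    [
        'class' => IpRangeRule::class,
        'options' => ['ip_ranges' => ['127.0.0.1', '10.20.0.0/16', '2001:db8::/32']],
    ],
], 'Office and VPN ranges only');

// In a controller: can() throws on denial, so translate that into a 403
// instead of letting it surface as an unhandled exception.
try {
    $site->can('show');
} catch (AuthorizationException $e) {
    abort(403);
}
```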

Testing
-------

```
composer test
```

Thanks
------

- [Spatie](https://spatie.be) for making awesome packages, this package leverages `spatie/laravel-package-tools` and is itself derived from `spatie/laravel-activitylog`.

License
-------

[The MIT License (MIT)](https://mit-license.org/)

