PHPackages techgonia/pbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. techgonia/pbac ActiveLibrary[Authentication & Authorization](/categories/authentication) techgonia/pbac ============== A powerful Policy-Based Access Control (PBAC) system for Laravel. Combines RBAC, ABAC, and ACL into a unified, fine-grained permission system. 0.0.5(6mo ago)115MITPHPPHP ^8.4 Since Oct 19Pushed 6mo agoCompare [ Source](https://github.com/techgonia-devjio/pbac)[ Packagist](https://packagist.org/packages/techgonia/pbac)[ Docs](https://github.com/techgonia/pbac)[ RSS](/packages/techgonia-pbac/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (11)Versions (9)Used By (0) Laravel PBAC (Policy-Based Access Control) ========================================== [](#laravel-pbac-policy-based-access-control) ![Tests](https://camo.githubusercontent.com/d940ad7f0752e2cbe0d63c50dcebf329078807390051c41fe63258f1b5c4e182/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f74657374732d70617373696e672d627269676874677265656e) ![License](https://camo.githubusercontent.com/b8cadaa967891081f8f165695470689986c028821dd8a040132f6e661795dc0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c7565) A powerful, flexible, and Policy-Based Access Control (PBAC) system for Laravel 1+. Combines the best of RBAC (Role-Based), ABAC (Attribute-Based), and ACL (Access Control List) into a unified, fine-grained permission system. โœจ Features ---------- [](#-features) - **Fine-Grained Permissions** - Control access at user, group, team, and resource levels - **Deny-First Security** - Explicit deny rules always override allow rules - **Flexible Targeting** - Apply rules to individual users, groups, teams, or any combination - **Priority-Based Rules** - Control rule evaluation order with priority levels - **Attribute-Based Conditions** - Dynamic permissions based on runtime attributes (IP, user level, resource state) - **High Performance** - Optimized queries with caching support - **Laravel Integration** - Seamless integration with Laravel's Gate and Blade directives - **Super Admin Bypass** - Built-in super admin support - **100% Test Coverage** - Comprehensive test suite with 212 tests ๐Ÿ“‹ Requirements -------------- [](#-requirements) - PHP 8.1 or higher - Laravel 11.0 or 12.0 - Database: MySQL 8.0+, PostgreSQL 12+, or SQLite 3.35+ Quick Start ----------- [](#quick-start) ``` # Install via Composer composer require techgonia/pbac # Publish configuration and migrations php artisan vendor:publish --tag="pbac-config" php artisan vendor:publish --tag="pbac-migrations" # Run migrations php artisan migrate ``` ### Add Traits to Your User Model [](#add-traits-to-your-user-model) ``` use Pbac\Traits\HasPbacAccessControl; use Pbac\Traits\HasPbacGroups; use Pbac\Traits\HasPbacTeams; class User extends Authenticatable { use HasPbacAccessControl, HasPbacGroups, HasPbacTeams; } ``` ### Basic Example [](#basic-example) ``` use Pbac\Models\PBACAccessControl; use Pbac\Facades\Pbac; // Grant permission PBACAccessControl::factory() ->allow() ->forUser($user) ->forResource(Post::class, $post->id) ->withAction('edit') ->create(); // Or use the Facade Pbac::allow() ->forUser($user) ->forResource(Post::class, $post->id) ->withAction('edit') ->create(); // Check permission if ($user->can('edit', $post)) { // User can edit this post } // Or use the Facade if (Pbac::can($user, 'edit', $post)) { // User can edit this post } ``` ๐Ÿ“š Documentation --------------- [](#-documentation) ### Getting Started [](#getting-started) - [Installation Guide](docs/installation.md) - Step-by-step installation instructions - [Overview](docs/overview.md) - What is PBAC and why use it - [Core Concepts](docs/core-concepts.md) - Understanding targets, resources, actions, and rules ### Usage Guides [](#usage-guides) - [Basic Usage](docs/basic-usage.md) - Creating and checking permissions - **[Facade Usage](docs/facade-usage.md) - Using the Pbac facade (recommended)** - [Use Cases](docs/use-cases.md) - Real-world application patterns and examples - [Configuration](docs/configuration.md) - Complete configuration reference ### Technical Reference [](#technical-reference) - [Architecture](docs/architecture.md) - Internal architecture and design decisions - [API Reference](docs/api-reference.md) - Complete API documentation ๐Ÿ’ก Core Concepts --------------- [](#-core-concepts) ### The PBAC Model [](#the-pbac-model) PBAC uses a rule-based system where each rule defines: - **Target**: Who (user, group, team) - **Resource**: What (post, file, setting, user, impersonation) - **Action**: How (view, edit, delete, custom actions) - **Effect**: Allow or Deny - **Conditions**(optional): When (IP restrictions, attribute checks) ### Security Model: Deny-First [](#security-model-deny-first) Deny rules ALWAYS override allow rules, regardless of priority: ``` // Even with high priority allow... PBACAccessControl::factory()->allow()->withPriority(1000)->create(); // ...a low priority deny wins PBACAccessControl::factory()->deny()->withPriority(1)->create(); // Result: Access DENIED (secure by default) ``` ๐ŸŽฏ Common Use Cases ------------------ [](#-common-use-cases) ### 1. Group-Based Permissions [](#1-group-based-permissions) ``` $editors = PBACAccessGroup::create(['name' => 'Editors']); $user->groups()->attach($editors->id); PBACAccessControl::factory() ->allow() ->forGroup($editors) ->forResource(Post::class, null) // All posts ->withAction(['view', 'edit', 'publish']) ->create(); ``` ### 2. IP-Based Restrictions [](#2-ip-based-restrictions) ``` PBACAccessControl::factory() ->allow() ->forUser($admin) ->forResource(AdminPanel::class, null) ->withAction('access') ->create([ 'extras' => ['allowed_ips' => ['192.168.1.0/24']] ]); ``` ### 3. Attribute-Based Access [](#3-attribute-based-access) ``` PBACAccessControl::factory() ->allow() ->forUser($user) ->forResource(Post::class, null) ->withAction('edit') ->create([ 'extras' => [ 'requires_attribute_value' => ['status' => 'draft'] ] ]); ``` ### 4. Team Isolation [](#4-team-isolation) ``` $team = PBACAccessTeam::create(['name' => 'Team Alpha']); $user->teams()->attach($team->id); PBACAccessControl::factory() ->allow() ->forTeam($team) ->forResource(Document::class, null) ->withAction('*') ->create(); ``` ๐Ÿ”ฅ Advanced Features ------------------- [](#-advanced-features) ### Super Admin Bypass [](#super-admin-bypass) ``` $user->is_super_admin = true; $user->can('anything', $anything); // always true ``` ### Laravel Gate Integration [](#laravel-gate-integration) ``` Gate::allows('edit', $post); Gate::authorize('publish', $post); ``` ### Blade Directives [](#blade-directives) ``` @pbacCan('edit', $post) Edit @endpbacCan ``` ### Factory Helpers [](#factory-helpers) ``` PBACAccessControl::factory() ->allow() // Set effect ->forUser($user) // Set target ->forResource(Post::class, $id) // Set resource ->withAction(['view', 'edit']) // Set actions ->withPriority(10) // Set priority ->create(['extras' => [...]]); // Add conditions ``` ๐Ÿงช Testing --------- [](#-testing) ``` # Run all tests ./vendor/bin/phpunit # Run with Pest ./vendor/bin/pest # Test coverage ./vendor/bin/phpunit --coverage-html coverage ``` **Test Suite**: 212 tests - 133 Unit tests - 70 Integration tests - 68 Regression tests ๐Ÿค Contributing -------------- [](#-contributing) Contributions welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md). ๐Ÿ“ License --------- [](#-license) MIT License - see [LICENSE.md](LICENSE.md) ๐Ÿ™ Credits --------- [](#-credits) Built with โค๏ธ for Laravel developers ### Health Score 33 โ€” LowBetter than 75% of packages Maintenance66 Regular maintenance activity Popularity7 Limited adoption so far Community2 Small or concentrated contributor base Maturity48 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** โ€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** โ€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** โ€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** โ€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 6 Last Release 208d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/a8fbdcf829b4975e4c3f380879cc9c8543ba3c3829a1bfe01085d2c44a4f873c?d=identicon)[Phoenix404](/maintainers/Phoenix404) --- Tags laravelsecurityauthorizationaclpermissionsrbacaccess-controlabacPolicypbac ### Code Quality TestsPest Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/techgonia-pbac/health.svg) ``` [![Health](https://phpackages.com/badges/techgonia-pbac/health.svg)](https://phpackages.com/packages/techgonia-pbac) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[erag/laravel-role-permission A simple and easy-to-install role and permission management package for Laravel, supporting versions 10.x and 11.x 404.2k](/packages/erag-laravel-role-permission)[hosseinhezami/laravel-permission-manager Advanced permission manager for Laravel. 403.3k](/packages/hosseinhezami-laravel-permission-manager) PHPackages ยฉ 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)