PHPackages uzzal/acl - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. uzzal/acl ActiveLibrary[Authentication & Authorization](/categories/authentication) uzzal/acl ========= Dynamically configurable authorization for Laravel framework v3.1.0(3mo ago)21.4k4MITPHPPHP >=8.1CI passing Since Feb 2Pushed 3mo ago1 watchersCompare [ Source](https://github.com/mahabubulhasan/acl)[ Packagist](https://packagist.org/packages/uzzal/acl)[ RSS](/packages/uzzal-acl/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (33)Used By (0) [![StandWithPalestine](https://raw.githubusercontent.com/Safouene1/support-palestine-banner/master/StandWithPalestine.svg)](https://techforpalestine.org/learn-more) ACL === [](#acl) > Upgraded to support Laravel 8 and latest versions Dynamically configurable access control for Laravel. One user can have multiple roles. ### Install [](#install) ``` composer require uzzal/acl ``` ### Configuration [](#configuration) In your laravel `config/app.php` under providers add ``` Uzzal\Acl\AclServiceProvider::class ``` ### Publish [](#publish) ``` artisan vendor:publish ``` This command will publish view files inside `views/vendor/acl`, seed files inside the `databases/seed` and a config file `config/acl.php`. ### Database seed [](#database-seed) At your `DatabaseSeeder.php` under `database/seeds` add the following lines ``` $this->call(UserTableSeeder::class); //optional $this->call(RoleTableSeeder::class); $this->call(ResourceTableSeeder::class); $this->call(PermissionTableSeeder::class); $this->call(UserRoleTableSeeder::class); ``` NOTE: If you see any kind of class not found type error try running `composer dump-autoload` ### Artisan command [](#artisan-command) This library comes with an artisan command `acl:resource` to automatically create all the resources (*controller@action*) available in your project under `app/Http/Controllers` directory. To activate this command you need to add these following lines to your `app/Console/Kernel.php` file. ``` protected $commands = [ Uzzal\Acl\Commands\AclResource::class ]; ``` ### Modify the User model [](#modify-the-user-model) In your `User` model add the following trait ``` use Uzzal\Acl\Traits\AccessControlled; class User extends Authenticatable { use AccessControlled; ... } ``` ### \#\[Attribute\] [](#attribute) Acl library now has two attribute support `#Resource`, and `#Authorize` to be used with controller action ``` #[Authorize('Admin, Default')] // string #[Resource('able to see home')] public function index() { return view('home'); } // or alternatively #[Authorize('Admin', 'Default')] // array #[Resource('able to see home')] public function index() { return view('home'); } ``` > Role names are not case sensitive. But use Capitalized word for better readability. NOTE: by default **developer** role has the highest permission level, and it doesn't need to be mentioned in the `#Authorize` attribute. If you remove the `#Authorize` attribute it won't delete the permissions from the database, but if you change the role list in the annotation then it will update the databased accordingly. ### Middleware [](#middleware) This ACL library comes with two middleware as shown below. `AuthenticateWithAcl` is the middleware you need. The other `ResourceMaker` middle ware is just a helper to create resource dynamically if it doesn't exists in the first place and assign permission for it to the `developer` role. In your `kernal.php` file add this lines ``` 'auth.acl' => \Uzzal\Acl\Middleware\AuthenticateWithAcl::class, 'resource.maker' => \Uzzal\Acl\Middleware\ResourceMaker::class, ``` In your `route/web.php` file add this lines ``` Route::group(['middleware' => ['resource.maker','auth.acl']], function () { Route::get('/home', 'HomeController@index'); }); ``` *IMPORTANT*: `resource.maker` must have to be placed before `auth.acl`. In production you can remove `resource.maker` once you have all the resource generated. ### Role & Resource UI [](#role--resource-ui) To access role visit `YOUR-HOST/role` url To access resource UI visit `YOUR-HOST/resource` url ### Access check [](#access-check) There are several ways to check for access By route name here `home.index` is the name of the route. ``` if (allowed('home.index')) { echo "will allow here if the user has access"; } // alternatively in blade template @allowed('home.index') Will be visible if the user has permission @endallowed ``` By controller's action name ``` if (allowed([\App\Http\Controllers\HomeController::class, 'index'])) { echo "will allow here if the user has access"; } // alternatively in blade template @allowed([\App\Http\Controllers\HomeController::class, 'index']) Will be visible if the user has permission @endallowed ``` ### Checking for controller level access [](#checking-for-controller-level-access) Suppose you have two controllers named `HomeController` and `ProfileController` now you want to check if the user has any access to both of the controller then use the following code ``` if (allowedAny(['Home','Profile'])) { echo "Will be visible if the user has permission for any action of Home and Profile controller"; } // alternatively in blade template @allowedAny(['Home','Profile']) Will be visible if the user has permission for any action of Home and Profile controller @endallowedAny // for single controller it can be written like this @allowedAny('Home') Will be visible if the user has permission for any action of Home Controller @endallowedAny ``` ### Checking access by Role name [](#checking-access-by-role-name) ``` if (hasRole(['Admin','Editor'])) { echo "Will be visible if the user has Admin or Editor or both roles"; } // alternatively in blade template @hasRole(['Admin','Editor']) Will be visible if the user has Admin or Editor or both roles @endhasRole // for single Role it can be written like this @hasRole('Admin') Will be visible if the user has Admin roles @endhasRole ``` Contribution ------------ [](#contribution) ``` composer update vendor/bin/testbench workbench:install # not required vendor/bin/testbench workbench:create-sqlite-db vendor/bin/testbench migrate vendor/bin/testbench db:seed --class=Workbench\Database\Seeders\DatabaseSeeder vendor/bin/testbench package:test ``` ### Health Score 53 — FairBetter than 97% of packages Maintenance81 Actively maintained with recent releases Popularity22 Limited adoption so far Community9 Small or concentrated contributor base Maturity83 Battle-tested with a long release history Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~117 days Recently: every ~720 days Total 29 Last Release 99d ago Major Versions v0.1.7 → 1.0.x-dev2017-10-19 v0.1.8 → v1.0.02017-10-21 v1.1.1 → v2.0.02018-03-15 v1.1.3 → v2.0.22018-03-16 v1.1.4 → v3.0.0-beta2022-12-21 PHP version history (3 changes)v0.1.0PHP >=5.6.4 v3.0.0-betaPHP >=8.0 v3.1.0-betaPHP >=8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/151796ef98fb8532608743695688a8c1217ea61de716bfe55b0ad9e0a8488154?d=identicon)[uzzal](/maintainers/uzzal) --- Top Contributors [![mahabubulhasan](https://avatars.githubusercontent.com/u/1210494?v=4)](https://github.com/mahabubulhasan "mahabubulhasan (69 commits)") --- Tags acllaravellaravelsecurityauthorizationaclrbacdynamic permission ### Embed Badge ![Health badge](/badges/uzzal-acl/health.svg) ``` [![Health](https://phpackages.com/badges/uzzal-acl/health.svg)](https://phpackages.com/packages/uzzal-acl) ``` ### Alternatives [santigarcor/laratrust This package provides a flexible way to add Role-based Permissions to Laravel 2.3k5.4M43](/packages/santigarcor-laratrust)[efficiently/authority-controller AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access. 15533.2k](/packages/efficiently-authority-controller)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[hosseinhezami/laravel-permission-manager Advanced permission manager for Laravel. 403.3k](/packages/hosseinhezami-laravel-permission-manager) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)