PHPackages xetreon/role-permission - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. xetreon/role-permission ActiveLibrary[Authentication & Authorization](/categories/authentication) xetreon/role-permission ======================= An Api based Role Permission management system for PHP 0.0.2(8mo ago)1515↓50%MITPHPPHP ^8.1 Since Jan 30Pushed 8mo ago1 watchersCompare [ Source](https://github.com/xetreon/role-permission)[ Packagist](https://packagist.org/packages/xetreon/role-permission)[ RSS](/packages/xetreon-role-permission/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)DependenciesVersions (3)Used By (0) Xetreon Role Permission for Laravel =================================== [](#xetreon-role-permission-for-laravel) A lightweight and flexible **role and permission management package** for Laravel. It allows you to manage roles, assign permissions, and automatically generate permissions from your controllers. Supports super admin bypass and custom authentication drivers. --- ☕ Support Me ------------ [](#-support-me) If you find this package helpful, consider supporting my work: [![Buy Me a Coffee](https://camo.githubusercontent.com/121ab1e6f18085acf960ea6dc2d1a763504de40c6784b73614afe485798749de/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4275792532304d6525323061253230436f666665652d2532334646444430303f7374796c653d666f722d7468652d6261646765266c6f676f3d6275792d6d652d612d636f66666565266c6f676f436f6c6f723d626c61636b)](https://buymeacoffee.com/xetreon) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ [](#) Installation ------------ [](#installation) Install via Composer: ``` composer require xetreon/role-permission ``` Laravel 12 Integration ---------------------- [](#laravel-12-integration) 1. **Add the Service Provider** For Laravel 12 (add in `bootstrap/providers.php`): ``` Xetreon\RolePermission\RolePermissionServiceProvider::class, ``` For older Laravel versions (add in config/app.php): ``` Xetreon\RolePermission\RolePermissionServiceProvider::class, ``` 2. **Add the Service Provider** ``` artisan vendor:publish --provider="Xetreon\RolePermission\RolePermissionServiceProvider" ``` 3. **Add the Service Provider** ``` php artisan migrate ``` Configuration ------------- [](#configuration) The configuration file role-permission.php contains the following options: ``` return [ /** * code of the super admin role */ 'super_admin_role' => 'super_admin', /** * If true, then we dont need to setup permission for super admin role. By default, super admin can access all resources. * If false, then we need to setup role for the super admin */ 'allow_super_admin_overwrite_all' => true, /** * All the possible permission for each resource. please add permission as required. */ 'permissions' => ['index', 'create', 'update', 'destroy'], /** * By default, it will look for the controlles inside App\Http\Controllers\v1 folder. * if you are going to keep the controllers inside the controller folder directly then make this empty string */ 'controller_directory_suffix' => '/v1', // If we want to generate permission for a specific folder /** * All the controller you dont want to generate permisison fop. * Usually Auth, Password reset or any other controller that is for public, we dont want to generate permission for. * For that only pass the relative path inside the controller_directory * For example, if the controller path is /var/www/project/app/Http/Controllers/v1/Auth/AuthController.php, then you need to add * Auth/AuthController in the exlude array. No need to add the extension as well */ 'exclude' => ['Auth/AuthController', 'BaseController'], /** * By default, this will use laravel's auth driver. If you are using some custom driver enter the path here. * The driver must return the User collection. */ 'auth_driver' => Xetreon\RolePermission\Core\JwtAuthDriver::class, /** * If you enable this, the permission module only will throw the exception. If you keep it false, the permission module will retun false when you check for permission. */ 'throw_exception_on_false_permission' => true, /** * If you have throw_exception_on_false_permission as true, then this will be the exception that the module will throw. If you want to use any custom exception class, define it here. */ 'permission_exception' => \App\Exceptions\PermissionException::class, ]; ``` **Explanation of Key Options:** ``` super_admin_role – Code for the super admin role. allow_super_admin_overwrite_all – If true, super admin bypasses permission checks. permissions – List of actions for resources. Extend as needed. controller_directory_suffix – Folder suffix where controllers are located; used when generating permissions. exclude – Controllers to skip when generating permissions (e.g., Auth, BaseController). auth_driver – Custom authentication driver if Laravel default is not used. throw_exception_on_false_permission – Toggle exception throwing for unauthorized access. permission_exception – Custom exception class to throw when permission fails. ``` Usage ----- [](#usage) 1. **Add Trait to User Model** ``` use Xetreon\RolePermission\Traits\Permissible; class User extends Authenticatable { use Permissible; } ``` Artisan Commands ---------------- [](#artisan-commands) 1. **Generate All Permissions** ``` php artisan xetreon:permissions ``` Scans the configured controller directory and Generates permissions for all controller methods (index, create, update, destroy by default). This also Skips controllers listed in exclude. 2. **Seed Super Admin Role** ``` php artisan xetreon:seedRole {user_id?} ``` Seeds the Super Admin role in your database and assign a user as Super Admin by providing their ID. Automatically bypasses all permission checks if `allow_super_admin_overwrite_all` is true. Methods ------- [](#methods) `$user->addRole($role)` – Assigns a role to a user. `$user->removeRole()` – Removes all roles from a user. `$user->roles()` – Returns all roles of the user. `$user->getRole()` – Returns the first assigned role. Query scopes ------------ [](#query-scopes) `$user->whereHasRole($role)` – Filter users by role code. `$user->whereHasRoleId($roleId)` – Filter users by role ID. Check Permissions in Controllers -------------------------------- [](#check-permissions-in-controllers) **Add this to any controller to check user permissions:** ``` use Xetreon\RolePermission\RolePermission; class PostController extends Controller { use RolePermission; public function update() { $this->checkRole('update'); // Checks if the user has permission // Your update logic here } } ``` **Allowed Methods in controller** `$this->checkRole($method)` – Checks if the authenticated user has permission for the method. Core Authentication Drivers --------------------------- [](#core-authentication-drivers) `JwtAuthDriver` – Default driver using your Auth::getAuth() method. `DefaultAuthDriver` – Uses Laravel's built-in Auth::user(). You can create a custom driver by implementing a getAuth() method that returns a User instance. and you can update the newly created driver in `auth_driver` field in the `config.php` Migrations ---------- [](#migrations) The package provides migrations for: ``` roles – Stores all roles. permissions – Stores all permissions. user_roles – Pivot table for user-role relationship. role_permissions – Pivot table for role-permission relationship. ``` Logging ------- [](#logging) Both commands (xetreon:permissions and xetreon:seedRole) log actions using Laravel's default logging system (Log::info()). Exception Handling ------------------ [](#exception-handling) By default, permission failure return false. If `throw_exception_on_false_permission` is false, checkRole() simply returns false. If you want to throws the exception defined in permission\_exception config, set `throw_exception_on_false_permission` as true Notes ----- [](#notes) - Super Admin automatically bypasses all permission checks if `allow_super_admin_overwrite_all` is true. - Always run php artisan xetreon:permissions after adding new controllers or actions. - Excluded controllers are ignored during permission generation. For example, if the controller path is `/var/www/project/app/Http/Controllers/v1/Auth/AuthController.php`, then you need to add `Auth/AuthController` in the exlude array. No need to add the extension as well. Example Workflow ---------------- [](#example-workflow) - Install package and publish config. - Run migrations. - Seed super admin role: `php artisan xetreon:seedRole 1`-Generate permissions: `php artisan xetreon:permissions` - Assign roles to users: ``` $user = User::find(2); $user->addRole($roleId); ``` - Check permissions in controllers using RolePermission trait: ``` $this->checkRole('update'); ``` License ------- [](#license) MIT License ### Health Score 35 — LowBetter than 80% of packages Maintenance61 Regular maintenance activity Popularity19 Limited adoption so far Community9 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 90% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~582 days Total 2 Last Release 257d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/160285856?v=4)[Pallab Mandal](/maintainers/pallabmandal)[@PallabMandal](https://github.com/PallabMandal) --- Top Contributors [![xetreon](https://avatars.githubusercontent.com/u/4014606?v=4)](https://github.com/xetreon "xetreon (9 commits)")[![pallab1121](https://avatars.githubusercontent.com/u/104832402?v=4)](https://github.com/pallab1121 "pallab1121 (1 commits)") ### Embed Badge ![Health badge](/badges/xetreon-role-permission/health.svg) ``` [![Health](https://phpackages.com/badges/xetreon-role-permission/health.svg)](https://phpackages.com/packages/xetreon-role-permission) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)