Associate users with roles and permissions

This package allows to save permissions and roles in a database. It is built upon the Laravel's authorization functionality that was introduced in version 5.1.11

Once installed you can do stuff like this:

//adding permissions to a user
$user->givePermissionTo('edit articles');

//adding permissions via a role
$user->assignRole('writer');
$user2->assignRole('writer');

$role->givePermissionTo('edit articles');

You can test if a user has a permission with Laravel's default can-function.

$user->can('edit articles');

Spatie is webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

Install

You can install the package via composer:

$ composer require spatie/laravel-permission

This service provider must be installed.

// config/app.php
'providers' => [
    ...
    Spatie\Permission\PermissionServiceProvider::class,
];

You can publish the migration with:

php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider" --tag="migrations"

After the migration has been published you can create the role- and permission-tables by running the migrations:

php artisan migrate

Finally add the Spatie\Permission\HasRoles-trait to the User model.

Usage

This package allows for users to be associated with roles. Permissions can be associated with roles. A Role and a Permission are regular Eloquent-models. They can have a name and can be created like this:

use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

$role = Role::create(['name' => 'writer']);
$permission = Permission::create(['name' => 'edit articles']);

###Using permissions A permission can be given to a user:

$user->givePermissionTo('edit articles');

A permission can be revoked from a user:

$user->revokePermissionTo('edit articles');

You can test if a user has a permission:

$user->hasPermission('edit articles');

Saved permissions will be registered with the Illuminate\Auth\Access\Gate-class. So you can test if a user has a permission with Laravel's default can-function.

$user->can('edit articles');

###Using roles and permissions A role can be assigned to a user:

$user->assignRole('writer');

A role can be removed from a user:

$user->removeRole('writer');

You can determine if a user has a certain role:

$user->hasRole('writer');

The assignRole, hasRole, and removeRole-functions can accept a string or a Spatie\Permission\Models\Role-object.

A permission can be given to a role:

$role->givePermissionTo('edit articles');

A permission can be revoked from a role:

$role->revokePermissionTo('edit articles');

The givePermissionTo and revokePermissionTo-functions can accept a string or a Spatie\Permission\Models\Permission-object.

Saved permission and roles are also registered with the Illuminate\Auth\Access\Gate-class.

$user->can('edit articles');

Change log

Please see CHANGELOG for more information what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email freek@spatie.be instead of using the issue tracker.

Credits

• Freek Van der Herten
• All Contributors

This package is heavily based on Jeffrey Way's awesome Laracasts-lesson on roles and permissions. His original code can be found in this repo on GitHub.

Alternatives

• BeatSwitch/lock-laravel
• Zizaco/entrust

About Spatie

Spatie is webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

License

The MIT License (MIT). Please see License File for more information.