Authorize is a package for Laravel that provides User Access Control using Roles and Permissions.
From the command line, run:
composer require crabbly/authorize
For your Laravel app, open config/app.php and, within the providers array, append:
Crabbly\Authorize\AuthorizeServiceProvider::class
This will bootstrap the package into Laravel.
php artisan vendor:publish --provider="Crabbly\Authorize\AuthorizeServiceProvider" --tag="migrations"
php artisan migrate
<?php

namespace App;

use Crabbly\Authorize\UserAuthorizeTrait;
use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    use UserAuthorizeTrait;

    //...
}
After the migration, four new tables will be present:
roles — stores role records
role_user — stores many-to-many relations between roles and users
permissions — stores permission records
permission_role — stores many-to-many relations between roles and permissions
The package comes with two models, Role and Permission.
The Role model has three main attributes:
name — Unique name for the Role, used for looking up role information in the application layer. For example: "admin", "owner", "employee".
display_name — Human readable name for the Role. For example: "User Administrator", "Project Owner", "Company Employee".
description — A more detailed explanation of what the Role does. This field is optional and nullable in the database.
The Permission model has the same three attributes as the Role:
name — Unique name for the permission, used for looking up permission information in the application layer. For example: "create-post", "edit-user".
display_name — Human readable name for the permission. Not necessarily unique. For example: "Create Posts", "Edit Users".
description — A more detailed explanation of the Permission.
Create an admin role:
<?php

use Crabbly\Authorize\Role;

// ...

Role::create([
    'name' => 'admin',
    'display_name' => 'Administrator',
    'description' => '', // optional
]);
Roles and Users have a Many to Many relationship. We can attach and detach roles to users like this:
<?php

// add role of id $role_id to $user
$user->roles()->attach($role_id);

// remove role of id $role_id from $user
$user->roles()->detach($role_id);
To check if a User is assigned the Role admin:
<?php

if ($user->hasRole('admin')) // pass in role name
{
    //admin only code
}
Most apps will probably have an admin Role; for this we can just use:
<?php

if ($user->isAdmin())
{
    //admin only code
}
Create a delete_users permission:
<?php

use Crabbly\Authorize\Permission;

// ...

Permission::create([
    'name' => 'delete_users',
    'display_name' => 'Delete Users',
    'description' => '', // optional
]);
Permissions and Roles have a Many to Many relationship. We can attach and detach permissions to roles like this:
<?php

// add permission of id $permission_id to $role
$role->permissions()->attach($permission_id);

// remove permission of id $permission_id from $role
$role->permissions()->detach($permission_id);
To check if a User has the Permission delete_users:
<?php

if ($user->hasPermission('delete_users')) // pass in permission name
{
    //delete users code
}
This checks whether any of the Roles assigned to the user has the Permission delete_users.
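Inline checks like the one above are easy to forget on a single route, so the same hasPermission() call can be enforced once at the routing layer. The middleware below is an added example, not code shipped with Authorize; the class name RequirePermission, the permission alias, and the UserController route are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * Hypothetical route middleware (not part of the Authorize package).
 * Fails closed: a request passes only when an authenticated user
 * holds every permission named on the route.
 */
class RequirePermission
{
    public function handle(Request $request, Closure $next, string ...$permissions)
    {
        $user = $request->user();

        // No authenticated user: reject before any permission lookup.
        if ($user === null) {
            abort(401);
        }

        // A route that names no permission is a configuration mistake;
        // deny instead of silently letting every signed-in user through.
        if ($permissions === []) {
            abort(403);
        }

        foreach ($permissions as $permission) {
            // hasPermission() comes from UserAuthorizeTrait and looks at the
            // permissions of every Role assigned to the user.
            if (! $user->hasPermission($permission)) {
                abort(403);
            }
        }

        return $next($request);
    }
}

// Assumed registration in the route middleware list of app/Http/Kernel.php:
//     'permission' => \App\Http\Middleware\RequirePermission::class,
// Assumed route (UserController is a placeholder):
//     Route::delete('/users/{user}', [UserController::class, 'destroy'])
//         ->middleware(['auth', 'permission:delete_users']);
```

Listing several names, as in permission:delete_users,edit-user, requires the user to hold all of them.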
Pull requests are welcome. Please report any issues you find on the issues page.
Authorize is free software distributed under the terms of the MIT license.