curly-deni / laravel-scopes
A set of reusable Eloquent global scopes for controlling model visibility based on user ownership and public/private status, designed for seamless integration with Laravel authorization policies.
Fund package maintenance!
curly-deni
Requires
- php: ^8.0
- illuminate/container: ^8.12|^9.0|^10.0|^11.0|^12.0
- illuminate/contracts: ^10.0||^11.0||^12.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- laravel/pint: ^1.14
README
Laravel Scopes provides a set of reusable Eloquent global scopes to control model visibility based on user ownership and public/private status.
It is designed for easy integration with Laravel's authorization policies.
Features
- ✅ Simple and lightweight integration
- ✅ Reusable Eloquent scopes for ownership and visibility
- ✅ Works seamlessly with Laravel Policies
- ✅ No manual query building required
- ✅ Clean separation of concerns between data and authorization
Installation
Install the package via Composer:
composer require curly-deni/laravel-scopes
Usage
All traits are located under the Aesis\Scopes\Traits namespace.
Available traits
HasOwnershipScope— restricts access to models owned by the current user (user_idfield required).HasPublicScope— restricts access to public models (publicfield required).HasPrivateScope— restricts access to private models (privatefield required).HasSelfScope— allows users to see their own models in addition to public/private ones (user_idfield required).
Usage Scenarios
1. Restrict models to the owner only
Use HasOwnershipScope when users should only see their own models.
use Aesis\Scopes\Traits\HasOwnershipScope; class Post extends Model { use HasOwnershipScope; }
2. Restrict models based on public/private status
Use HasPublicScope or HasPrivateScope to filter models by their visibility flag.
Optionally, add HasSelfScope to also allow users to see their own models.
use Aesis\Scopes\Traits\HasPublicScope; use Aesis\Scopes\Traits\HasSelfScope; class Post extends Model { use HasPublicScope, HasSelfScope; }
Trait Selection Guide
| Use Case | Required Traits |
|---|---|
| Users should see only their own models | HasOwnershipScope |
| Users should see only public models | HasPublicScope |
| Users should see only private models | HasPrivateScope |
| Users should see public models and their own private models | HasPublicScope + HasSelfScope |
| Users should see private models and their own private models | HasPrivateScope + HasSelfScope |
Database Requirements
| Trait | Required Field |
|---|---|
HasPublicScope |
public |
HasPrivateScope |
private |
HasOwnershipScope |
user_id |
HasSelfScope |
user_id |
Policy Requirements
When using scopes, you should define the following permissions in your model policies:
| Method | Purpose |
|---|---|
viewPrivate(User $user) |
Allows a user to view private models (e.g., admins or users with special roles). |
viewForeign(User $user) |
Allows a user to view other users' models (in addition to their own, if HasSelfScope is used). |
Example policy:
class PostPolicy { public function viewPrivate(User $user): bool { // Allow access to private models for admins return $user->is_admin; } public function viewForeign(User $user): bool { // Allow users to view models owned by others return $user->can('view-others-posts'); } }
Restrictions
HasOwnershipScopecannot be combined with any other traits.HasPublicScopeandHasPrivateScopecannot be used together.HasSelfScoperequires eitherHasPublicScopeorHasPrivateScope.
Credits
License
The MIT License (MIT).
Please see the LICENSE.md file for more information.
Summary
Laravel Scopes help you automatically filter models by ownership or visibility status without writing repetitive query logic.
Combined with authorization policies, it provides flexible and secure access control at the Eloquent level.