deifhelt / laravel-permissions-manager
Roles and permissions manager for Laravel.
Installs: 12
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/deifhelt/laravel-permissions-manager
Requires
- php: ^8.1
- illuminate/contracts: ^10.0||^11.0||^12.0
- illuminate/support: ^10.0||^11.0||^12.0
- spatie/laravel-permission: ^6.0
Requires (Dev)
- larastan/larastan: ^2.0||^3.0
- laravel/pint: ^1.10
- nunomaduro/collision: ^7.0||^8.0
- orchestra/testbench: ^8.0||^9.0||^10.0
- pestphp/pest: ^2.34||^3.0
- pestphp/pest-plugin-arch: ^2.7||^3.0
- pestphp/pest-plugin-laravel: ^2.0||^3.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan-deprecation-rules: ^1.0||^2.0
- phpstan/phpstan-phpunit: ^1.0||^2.0
README
A powerful wrapper around spatie/laravel-permission that manages permissions and roles through a simple configuration file.
Features
- Config-Driven: Define permissions in
config/permissions.php - Auto-CRUD Generation: Automatically generates CRUD permissions
- Smart Syncing: Efficient database synchronization
- Smart Translations: Automatic human-readable labels
- Policy Trait: Simplify authorization with
HasPermissionCheck
Note: This package wraps
spatie/laravel-permission. For advanced features like blade directives, middleware usage, caching, and direct role/permission assignment, see the official Spatie documentation.
Installation
Install via Composer (Spatie Permission is included automatically):
composer require deifhelt/laravel-permissions-manager
Publish this package configuration:
php artisan vendor:publish --provider="Deifhelt\LaravelPermissionsManager\PermissionManagerServiceProvider"
This creates config/permissions.php (this package's permission definitions).
Publish Spatie Permission configuration and migrations:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
This creates config/permission.php (Spatie's internal configuration) and migration files.
Clear config cache:
php artisan optimize:clear
Run migrations:
php artisan migrate
Add the HasRoles trait to your User model:
use Spatie\Permission\Traits\HasRoles; class User extends Authenticatable { use HasRoles; }
Configuration
Standard CRUD Permissions
Define resources to auto-generate read, create, update, destroy permissions:
// config/permissions.php 'permissions' => [ 'users', 'posts', 'products', ],
This generates: read users, create users, update users, destroy users, etc.
Special Permissions
Add custom actions that don't fit the CRUD pattern:
'special_permissions' => [ 'users' => ['ban', 'impersonate'], 'system' => ['view-logs', 'maintenance-mode'], ],
This generates: ban users, impersonate users, view-logs system, etc.
Super Admin (Bypass)
Define roles that bypass all permission checks (Super Admin). These roles are defined separately because they inherently have all permissions.
// config/permissions.php 'super_admin_role' => 'admin', // Can be a string or array: ['admin', 'root']
Note:
- The
permissions:synccommand automatically creates these roles in the database for you. - Global Bypass: This package registers a
Gate::beforecallback. This ensures that@can('any'),$user->can('any'), and Policies automatically returntruefor these users, even if they have 0 permissions in the database.
Roles
Define standard roles and assign their specific permissions:
'roles' => [ // Manager - specific resources 'manager' => [ 'users' => ['read', 'create', 'update'], // Specific actions 'posts', // All permissions for posts ], // Editor - explicit permission strings 'editor' => [ 'read posts', 'create posts', 'update posts', ], ], ## Translations Easily translate technical permissions (e.g., `create users`) into human-readable labels (e.g., "Crear Usuarios"). ```bash php artisan vendor:publish --tag=permissions-translations
Then use in your code:
use Deifhelt\LaravelPermissionsManager\Facades\Permissions; ```php use Deifhelt\LaravelPermissionsManager\Facades\Permissions; // Returns ['name' => 'create users', 'label' => 'Crear Usuarios'] $all = Permissions::getPermissionsWithLabels(); // Translate a single permission echo Permissions::translate('create users');
See Translations Documentation for full details.
Note: The system automatically respects your
config('app.locale')and any runtime locale changes.
Sync Permissions
After configuring your permissions and roles, sync them to the database:
php artisan permissions:sync
Alternative: Using Database Seeders
For automated deployments, CI/CD pipelines, or NativePHP applications where you can't run artisan commands interactively, use the included seeder:
use Deifhelt\LaravelPermissionsManager\Database\Seeders\RolesAndPermissionsSeeder; class DatabaseSeeder extends Seeder { public function run(): void { $this->call(RolesAndPermissionsSeeder::class); } }
This is particularly useful for NativePHP desktop applications where the database is created on first run.
Using with Policies
Use the HasPermissionCheck trait to simplify policy authorization:
use Deifhelt\LaravelPermissionsManager\Traits\HasPermissionCheck; class PostPolicy { use HasPermissionCheck; public function viewAny(User $user): bool { return $this->checkPermission($user, 'read posts'); } public function update(User $user, Post $post): bool { // Checks permission AND ownership (user_id) return $this->checkPermission($user, 'update posts', $post); } }
Features:
- Admin Bypass: Users with
adminrole automatically pass all checks - Permission Validation: Verifies user has required permission
- Ownership Check: When passing a model, validates
user_idmatches
Documentation
- Installation - Complete setup guide including Laravel 11/12 middleware
- Configuration & Usage - Deep dive into permissions, roles, and commands
- Translations - Translate permissions automatically
- Policies - Security patterns and trait usage
License
The MIT License (MIT). Please see License File for more information.