Light-weight role-based permissions for Laravel 5 built in Auth system.

2.0.8 2023-03-02 23:33 UTC

This package is auto-updated.

Last update: 2023-11-14 15:02:05 UTC


Laravel Source Build Status License Total Downloads

Laravel ACL adds role based permissions to built in Auth System of Laravel 9.0+. ACL middleware protects routes and even crud controller methods.

Table of Contents


  • Version 2.x of this package requires PHP 7.2+ and Laravel 6.0+
  • Version 1.x requires PHP 5.6+ and Laravel 5.0+

Getting Started

Install the package using composer

composer require kodeine/laravel-acl

If you need to support Laravel 5.x, make sure to install version 1.x

composer require kodeine/laravel-acl "^1.0"
  1. If you are using Laravel before version 5.4, manually register the service provider in your config/app.php file
'providers' => [
  1. Publish the package configuartion files and add your own models to the list of ACL models"
$ php artisan vendor:publish --provider="Kodeine\Acl\AclServiceProvider"

Once you publish, it publishes the configuration file where you can:

  • Use your own models: Define your own models which should extend to Acl models.
  • Use your own guard: Define a guard other than laravel default for user recovery.
  1. Add the middleware to your app/Http/Kernel.php.
protected $routeMiddleware = [
    'acl' => 'Kodeine\Acl\Middleware\HasPermission',
  1. Add the HasRole trait to your User model.
use Kodeine\Acl\Traits\HasRole;

class User extends Model implements AuthenticatableContract, CanResetPasswordContract
    use Authenticatable, CanResetPassword, HasRole;
  1. Run the migrations to generate your roles and permissions tables

Please note that if you are upgrading to 6.0 from a previous version, the default column type for the id on the users table has changed. On certain databases foreign keys can only be defined with matching column types. As such, you will need to change the id column on your users table to bigInteger in to user this package.

php artisan migrate


Follow along the Wiki to find out more.


Here's the TODO list for the next release.

  • Refactoring the source code.
  • Correct all issues.
  • Adding cache to final user permissions.

Change Logs

June 14 2022

  • Added support for different guard

September 14 2019

  • Updated the readme to reflect new major release

September 13, 2019

  • Added support for Laravel 6

September 22, 2016*

  • Added unit tests

September 20, 2016*

  • Added support for Laravel 5.3

September 19, 2016

  • Added cache support to Roles and Permissions.

June 14, 2015

March 28, 2015

  • Added Role Scope to get all users having a specific role. e.g User::role('admin')->get(); will list all users having admin role.

March 7, 2015

  • is() and can() methods now support comma for AND and pipe as OR operator. Or pass an operator as a second param. more information
  • You can bind multiple permissions together so they inherit ones permission. more information

Contribution Guidelines

Support follows PSR-2 PHP coding standards, and semantic versioning.

Please report any issue you find in the issues page. Pull requests are welcome.