lvlup-dev/laravel-user-is-admin

Laravel package that adds an is_admin column to the users table and provides a middleware to protect admin-only routes.

Maintainers

Package info

github.com/lvlup-dev/laravel-user-is-admin

Homepage

Documentation

Type:laravel-package

pkg:composer/lvlup-dev/laravel-user-is-admin

Statistics

Installs: 1

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.1.0 2026-03-29 11:48 UTC

Requires

Requires (Dev)

MIT 68fbaf5bfcc4b9f5969c9e21cc475e41a4fb4b90

adminauthorizationsecuritymiddlewarelaravelrole

This package is auto-updated.

Last update: 2026-03-29 11:50:07 UTC

README

Latest Version on Packagist MIT Licensed

Add a boolean is_admin column on your users table and protect routes with a single admin middleware. No roles, no permissions table—just enough for a simple “is this user an administrator?” check.

Quick example

// routes/web.php
Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('/admin/dashboard', AdminDashboardController::class);
});

Unauthenticated users get Laravel’s usual AuthenticationException; authenticated non-admins get 403 (AccessDeniedHttpException).

Installation

You can install the package via composer:

composer require lvlup-dev/laravel-user-is-admin

Run migrations (the package registers its migration automatically):

php artisan migrate

Note : The service provider registers the middleware alias admin for LvlupDev\UserIsAdmin\Http\Middleware\EnsureUserIsAdmin.

Protecting Routes

You can use the admin middleware to protect your routes. Unauthenticated users will trigger Laravel’s usual AuthenticationException, while authenticated non-admins will get a 403 (AccessDeniedHttpException).

// routes/web.php
Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('/admin/dashboard', AdminDashboardController::class);
});

Granting Admin Rights

This package does not ship a custom User model - you keep yours. To grant admin privileges, simply update the is_admin column.

$user->is_admin = true;
$user->save();

Or via a mass update:

User::query()->whereKey($id)->update(['is_admin' => true]);

Alternatives

laravel-user-is-admin is intentionally minimal: one column, one middleware, no UI and no concept of roles or fine-grained permissions.

If you need roles, permissions, teams, Blade directives, Gates, and a full permission layer, use Spatie Laravel Permission instead—it is the standard choice for richer authorization in Laravel apps.

Read this blog post (in French) on why we prefer this pragmatic approach for MVPs.

Credits

laravel-user-is-admin is built and maintained by LVLUP. We help businesses drive operational efficiency through strategic consulting, tailored software development, and advanced AI Agent integrations. Check out our website for more tutorials and resources.

License

The MIT License (MIT). Please see LICENSE for more information.