mohamedmohamedhekal / guardrail
This package is abandoned and no longer maintained.
The author suggests using the mohamedhekal/guardrail package instead.
Team-scoped roles, abilities, and audited impersonation for Laravel SaaS
v0.1.0
2026-07-16 14:23 UTC
Requires
- php: ^8.2
- illuminate/auth: ^11.0|^12.0
- illuminate/contracts: ^11.0|^12.0
- illuminate/database: ^11.0|^12.0
- illuminate/events: ^11.0|^12.0
- illuminate/http: ^11.0|^12.0
- illuminate/support: ^11.0|^12.0
Requires (Dev)
- laravel/pint: ^1.18
- orchestra/testbench: ^9.0|^10.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
- phpstan/phpstan: ^2.0
README
Search terms: laravel, permissions, roles, teams, impersonation, saas, acl, php, laravel-package, rbac, authorization, access-control.
Team-scoped roles, abilities, and audited impersonation for Laravel SaaS—focused on the patterns Spatie-style packages often leave to the app.
Installation
composer require mohamedhekal/guardrail php artisan vendor:publish --tag=guardrail-config php artisan migrate
Setup
use Hekal\GuardRail\Concerns\HasGuardRail; class User extends Authenticatable { use HasGuardRail; }
Roles & abilities
use Hekal\GuardRail\Facades\GuardRail; $team = GuardRail::createTeam('Acme', 'acme'); GuardRail::createAbility('Edit orders', 'orders.edit'); GuardRail::createRole('Editor', $team, ['orders.edit'], 'editor'); GuardRail::assignRole($user, 'editor', $team); GuardRail::can($user, 'orders.edit', $team); // true
Middleware:
Route::middleware('guardrail.ability:orders.edit,acme')->group(...);
Impersonation
GuardRail::startImpersonation($admin, $customer, reason: 'ticket #12', ttlMinutes: 30); // switch auth in the host app using the target user GuardRail::stopImpersonation(); // writes ended_at + clears session markers
Limitations (v0.1)
- No ABAC / policy codegen
- Global ability check (no team) matches any team assignment that grants it
- Host app must perform the actual Auth::login during impersonation
Testing
composer install && composer test
License
MIT