This package is abandoned and no longer maintained. The author suggests using the mohamedhekal/guardrail package instead.

Team-scoped roles, abilities, and audited impersonation for Laravel SaaS

Maintainers

Package info

github.com/mohamedhekal/guardrail

pkg:composer/mohamedmohamedhekal/guardrail

Transparency log

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v0.1.0 2026-07-16 14:23 UTC

This package is auto-updated.

Last update: 2026-07-16 14:40:20 UTC


README

CI License: MIT PHP Laravel

Search terms: laravel, permissions, roles, teams, impersonation, saas, acl, php, laravel-package, rbac, authorization, access-control.

Team-scoped roles, abilities, and audited impersonation for Laravel SaaS—focused on the patterns Spatie-style packages often leave to the app.

Installation

composer require mohamedhekal/guardrail
php artisan vendor:publish --tag=guardrail-config
php artisan migrate

Setup

use Hekal\GuardRail\Concerns\HasGuardRail;

class User extends Authenticatable
{
    use HasGuardRail;
}

Roles & abilities

use Hekal\GuardRail\Facades\GuardRail;

$team = GuardRail::createTeam('Acme', 'acme');
GuardRail::createAbility('Edit orders', 'orders.edit');
GuardRail::createRole('Editor', $team, ['orders.edit'], 'editor');

GuardRail::assignRole($user, 'editor', $team);
GuardRail::can($user, 'orders.edit', $team); // true

Middleware:

Route::middleware('guardrail.ability:orders.edit,acme')->group(...);

Impersonation

GuardRail::startImpersonation($admin, $customer, reason: 'ticket #12', ttlMinutes: 30);
// switch auth in the host app using the target user
GuardRail::stopImpersonation(); // writes ended_at + clears session markers

Limitations (v0.1)

  • No ABAC / policy codegen
  • Global ability check (no team) matches any team assignment that grants it
  • Host app must perform the actual Auth::login during impersonation

Testing

composer install && composer test

License

MIT