timo-de-winter / filament-authorization
Easy authorization system for filament, with advanced features to inject permissions from different places.
Fund package maintenance!
timo-de-winter
Requires
- php: ^8.3
- filament/filament: ^3.3
- illuminate/contracts: ^10.0||^11.0||^12.0
- spatie/laravel-package-tools: ^1.16
- spatie/laravel-permission: ^6.21
- timo-de-winter/filament-modifiable-plugins: ^2.1
Requires (Dev)
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1.1||^7.10.0
- orchestra/testbench: ^10.0.0||^9.0.0||^8.22.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-arch: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
This package is auto-updated.
Last update: 2025-09-22 11:14:45 UTC
README
Easy authorization system for filament, with advanced features to inject permissions from different places.
Installation
You can install the package via composer:
composer require timo-de-winter/filament-authorization
Migrations
This package makes use of spatie/laravel-permission
, so if you have not done so already, publish the migrations for this plugin:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
Prepare your model
Follow these instructions to prepare your model to work with roles.
Configuration
You can optionally publish the config file with:
php artisan vendor:publish --tag="filament-authorization-config"
This is the contents of the published config file:
return [ 'guard' => [ 'modifiable' => false, 'default' => 'web', ], ];
Optionally, you can publish the views using
php artisan vendor:publish --tag="filament-authorization-views"
Usage
$panel ->plugin( \TimoDeWinter\FilamentAuthorization\FilamentAuthorizationPlugin::make(), ); // You can chain modifications to the resource. (see timo-de-winter/filament-modifiable-plugins for all options) $panel ->plugin( \TimoDeWinter\FilamentAuthorization\FilamentAuthorizationPlugin::make() ->navigationSort(3), );
Providing/injecting permissions
The philosophy of this package is that permissions are defined by your application and not by the permissions as stated in your database. This is useful when you're working with a package-first strategy. My problem was that I want my packages to work independently from each other, but most of the time a lot of them are combined to create a bigger product. Within those applications I want a single resource for role management that allows for any permissions provided by any of the packages to be attached. Since the packages work standalone and can also choose to disable their permission system it is important that there was one modular approach to inject permissions from any of the packages.
Injecting permissions is very easy and can be done in any service provider. The structure is as follows:
- Tabs (optional)
- Prefix
- Permission
Tabs are used to group permissions together in a tab in the resource to give more clarity to the user. You might have a tab named "Default" and one named "Advanced". If there is only 1 tab in total, we do not show tabs at all. Prefixes are mainly used to group permissions together under a given prefix to prevent overlap. And then of course there are permissions.
// This is the most simple way to do it \TimoDeWinter\FilamentAuthorization\Facades\FilamentAuthorization::registerPermission( permission: [ 'view' => __('filament-authorization::labels.view'), 'update' => __('filament-authorization::labels.update'), 'create' => __('filament-authorization::labels.create'), 'delete' => __('filament-authorization::labels.delete'), ], prefix: 'roles', prefixTranslation: __('filament-authorization::labels.roles'), tab: 'Authorization', // Optional (defaults to "Default") );
Synchronisation command
The package comes with a command to synchronize all permissions to the database. In most use cases it would be smart to add this command to your deployment script:
php artisan authorization:sync-permissions
Admin role and user command
The package comes with a command to easily create an admin role and assign it to a user from the console.
php artisan authorization:create-admin-role
Testing
composer test
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.