Laravel 5 ACL (permissions and roles)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Change methods access to be able to overwrite them Jul 13, 2015
.gitignore Init May 13, 2015
composer.json composer.json dependencies updated for Laravel 5.1 Jun 16, 2015 mend Jun 17, 2015

ACL For Laravel 5

Access control list implementation form Laravel 5. Gives you roles and permissions for build in Laravel 5 Auth.


  • CRUD for roles
  • CRUD fot permissions
  • Route middleware for checking user permissions
  • Artisan command for parsing and adding newly created ACL dependant modules
  • Composer installable
  • PSR4 auto loading
  • PSR2 code formatting


Build only for Laravel Framework only! The package required Glyph icons (

"require": {
	"php": ">=5.5.9",
	"illuminate/foundation": "5.*",
	"illuminate/contracts": "5.*",
	"illuminate/database": "5.*",
	"illuminate/routing": "5.*",
	"illuminate/support": "5.*",
	"illuminate/view": "5.*",
	"illuminate/html": "5.*"


Require package at your composer.json file like so

    "require": {
        "aginev/acl": "1.1.*"

Tell composer to update your dependencies

composer update

Or in terminal

composer require aginev/acl:1.1.*

Add Service Provider to your config/app.php like so


Publish package assets

php artisan vendor:publish --provider="Aginev\Acl\AclServiceProvider" --tag="public"

Add package CSS to your layout

<link href="{{ asset('/vendor/acl/css/style.css') }}" rel="stylesheet">

Add package javascript to your layout.

  • script.js to be able to define role permission easily
  • restful.js to be able to execute RESTful delete

Feel free to make your own implementation if you don't have one already.

<script src="{{ asset('/vendor/acl/js/script.js') }}"></script>
<script src="{{ asset('/vendor/acl/js/restful.js') }}"></script>

Add Laravel csrf token as a javascript object. Required only if use restful.js.

	Laravel = {
		_token: '{{ csrf_token() }}'

Run package migrations. You need to have your users table migrated.

php artisan migrate --path="vendor/aginev/acl/src/Database/Migrations"

Seed the roles table. By default it will create two roles- No Permissions and Admin. No Permissions roles will be considered as a default role. You will be not able to delete this role. When deleting other role, all users using deleted role will be assigned to No Permissions role. By default the seeder will add all resources requesting ACL and will assign them to Admin role.

php artisan db:seed --class="Aginev\Acl\Database\Seeds\RolesTableSeeder"

Modify one or more of your users to have a valid role_id. By default the added role_id foreign key will have a value of NULL

Add ACL user trait to your User model. It will add definition for the relation between roles and users table;

use \Aginev\Acl\Http\Traits\User;

At this point you have ACL up and running. Access roles and permissions CRUD at:



Not happy with the route prefix? Publish the package config and edit routes_prefix value for your own or leave it blank for no prefix.

php artisan vendor:publish --provider="Aginev\Acl\AclServiceProvider" --tag="config"

Edit route prefix

// Package route prefix. Set to blank for no prefix
'routes_prefix' => 'what-ever-you-want',

Package has a pagination in index views. If you need more items per page, edit per_page_results (default to 25) value at the config.

// Pagination per page results
'per_page_results' => 50,

To define custom error messages format, edit validation_errors_format value at the config. This format will be applied only if your controllers are extending ACL base controller (\Aginev\Acl\Http\Controllers\AclController).

// validation errors format. Set to blank for default
'validation_errors_format' => '<label class="error text-danger">:message</label>',

And the most important thing... you want your controller to be ACL dependent. There two options for this.

1.Add ACL middleware at your controller constructor.


2.Route group at routes.php

Route::group(['middleware' => 'acl'], function () {
	Route::get('group', 'SomeController@index');

After defining a ACL protected controllers like this you are able to run artisan command that will add all the routes in the permissions table

php artisan acl:fill-permissions

If you want to assign new permissions to role you can do it like so

php artisan acl:fill-permissions --assign-to-roles=2

Where 2 is the role_id. If you want pass many roles do it with comma separates list If you want to assign new permissions to role you can do it like so

php artisan acl:fill-permissions --assign-to-roles=1,2

Modifying default view

To modify default views you need to publish them

php artisan vendor:publish --provider="Aginev\Acl\AclServiceProvider" --tag="views"


Publish migrations

php artisan vendor:publish --provider="Aginev\Acl\AclServiceProvider" --tag="migrations"

Publish seeds

php artisan vendor:publish --provider="Aginev\Acl\AclServiceProvider" --tag="seeds"