This repository has been archived by the owner. It is now read-only.

Access - RBAC for Laravel 4

My stab at an RBAC system for Laravel 4.

This is probably extremely query intensive and I have not made many attempts to optimize the number of queries run/in-memory caching being done.

I wrote this with the intention of using it on small systems with a low number of concurrent users. It is made for systems where you need to control permissions on a per-row basis rather than just some generalized roles and permissions.


Bug reports, feature suggestions and code improvements are highly welcome. If you make a pull request, do make sure that your changes pass the unit tests.

Use the GitHub issue system! If you just want to have a chat, look for me in #laravel on freenode.



  • PHP 5.4 or higher
  • Laravel 4.1 or higher


composer require anlutro/access

Check the GitHub tag list for the latest stable release, or use dev-master if you like living on the edge.

Copy migrations

Copy migrations from vendor/anlutro/access/src/migrations to your app's migration directory. Alternatively, run them with php artisan migrate --package anlutro/access if you just want to play around with the system - copying the migration files manually is recommended for production setups.

Create your user model

Because you probably want to put your own functions and fields on the User model/table, you create the user model yourself. There are two ways to do this and ensure it works with the RBAC system - inheritance (extending a base class) or traits.

class MyUser extends anlutro\Access\Models\User {}

class MyUser extends Eloquent implements anlutro\Access\Interfaces\SubjectInterface
{
	// The trait supplies the role/permission methods the interface requires.
	use anlutro\Access\Traits\UserSubject;
}

You are responsible for creating the user table. Remember to update your app/config/auth.php file to reflect your model.

Create one or more resource models

Again you can do this with inheritance or traits:

class MyResource extends anlutro\Access\Models\Resource {}

class MyResource extends Eloquent implements anlutro\Access\Interfaces\ResourceInterface
{
	// The trait supplies the per-action permission methods the interface requires.
	use anlutro\Access\Traits\ResourceSubject;
}

You are responsible for creating any resource tables.


First, we need to create some permissions.

use anlutro\Access\Models\Permission;
$lowPermission = Permission::create(['name' => 'Normal Permission']);
$highPermission = Permission::create(['name' => 'High Level Permission']);

Then, let's assign some permissions to actions on one of our resource models. Resource actions with no permissions assigned to them are allowed by default, so be careful: any action you want restricted needs at least one permission assigned to it.

MyResource::addGlobalPermissionTo('show', $lowPermission);
MyResource::addGlobalPermissionTo('create', $lowPermission);
MyResource::addGlobalPermissionTo('create', $highPermission);
// MyResource::removeGlobalPermissionTo('create', $highPermission);

You can also assign permissions required on specific resources.

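$superHighPermission = Permission::create(['name' => 'Super High Level Permission']); // constructed name
$resource = MyResource::first();
$resource->addPermissionTo('create', $superHighPermission);
// $resource->removePermissionTo('create', $superHighPermission);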

Let's create a couple of roles. This step is optional; permissions can be added to users directly if you like - the syntax is exactly the same.

use anlutro\Access\Models\Role;
$userRole = Role::create(['name' => 'User Role']);
$adminRole = Role::create(['name' => 'Admin Role']);
$bannedRole = Role::create(['name' => 'Banned']);

Let's assign the user role to one of our users.

$user = User::first();
$user->addRole($userRole); // assumed counterpart of removeRole()
// $user->removeRole($userRole);

Now, the user should have access to show, but not create a MyResource.

$resource = MyResource::first();
var_dump( $user->hasPermissionTo('show', $resource) );
$resource = new MyResource;
var_dump( $user->hasPermissionTo('create', $resource) );

If we assign the user the admin role, however, he should have access to create as well.

$user->addRole($adminRole); // assumed counterpart of removeRole()
var_dump( $user->hasPermissionTo('create', $resource) );

Most of the time you'll be running these checks against the currently logged in user. The Access facade has some handy shorthand functions for this.

use anlutro\Access\Access;
var_dump( Access::allowed('show', $resource) );
var_dump( Access::denied('create', $resource) );
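
Because actions with no permissions assigned are allowed by default, an action that nobody remembered to protect is open to every user. The following added example (not part of anlutro/access) probes a list of actions with a subject that holds no roles or permissions and reports every action that subject is allowed to perform. `findUnprotectedActions`, the action matrix and the stand-in check are hypothetical; in an application the callable would be `[$blankUser, 'hasPermissionTo']` and the resources would be model instances.

```php
<?php
/**
 * Probe actions with a subject that holds no roles or permissions.
 * Anything such a subject may do has fallen through to allow-by-default.
 *
 * @param callable $hasPermissionTo function($action, $resource): bool
 * @param array    $matrix          label => [resource, [action, ...]]
 * @return string[]                 "label:action" entries that are unprotected
 */
function findUnprotectedActions(callable $hasPermissionTo, array $matrix)
{
    $open = [];
    foreach ($matrix as $label => $entry) {
        list($resource, $actions) = $entry;
        foreach ($actions as $action) {
            if ($hasPermissionTo($action, $resource)) {
                $open[] = $label . ':' . $action;
            }
        }
    }
    return $open;
}

// Constructed stand-in for the library so this file runs on its own.
// It models only the rule stated above: no permissions assigned => allowed.
$required = [
    'MyResource' => [
        'show'   => ['Normal Permission'],
        'create' => ['Normal Permission', 'High Level Permission'],
    ],
];
$blankUserCheck = function ($action, $resource) use ($required) {
    $needed = isset($required[$resource][$action]) ? $required[$resource][$action] : [];
    return count($needed) === 0; // the blank subject holds no permissions at all
};

// Actions the application actually exposes (constructed list).
$open = findUnprotectedActions($blankUserCheck, [
    'MyResource' => ['MyResource', ['show', 'create', 'update', 'delete']],
]);

foreach ($open as $entry) {
    echo "unprotected (allowed by default): $entry\n";
}
exit(count($open) > 0 ? 1 : 0); // non-zero exit so a CI job can fail on gaps
```

Run against the real models from a test or an artisan command, a non-empty result lists the actions that still need a permission assigned.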


The contents of this repository are released under the MIT license.
