Caution
This package is currently in alpha and is not yet ready for production use. APIs and database schemas may change without notice between releases.
A Laravel package that provides a complete API for managing user-configurable dashboards composed of Visualization widgets. The package is API-driven with no frontend opinions, giving you full control over presentation while handling dashboard CRUD, widget management, revision history, and sharing out of the box.
- PHP 8.4
- Laravel 12.x or 13.x
- settleup/visualizations ^1.0
Install the package via Composer:
composer require settleup/dashboardsPublish and run the migrations:
php artisan vendor:publish --tag="dashboards-migrations"
php artisan migrateOptionally publish the config file:
php artisan vendor:publish --tag="dashboards-config"The published config file contains:
return [
'user_model' => config('auth.providers.users.model', 'App\\Models\\User'),
];The user_model key controls which Eloquent model is used for user relationships (dashboard ownership, sharing, revision tracking). It defaults to your application's configured auth user model.
Every dashboard and widget belongs to a section — a logical grouping that scopes which widgets are available and which dashboards are accessible. Sections are defined by implementing the DefinesDashboardSection interface:
use SettleUp\Dashboards\Contracts\DefinesDashboardSection;
enum DashboardSection: string implements DefinesDashboardSection
{
case Finance = 'finance';
case Support = 'support';
public function getSectionKey(): string
{
return $this->value;
}
}The package provides a Route::dashboardSection() macro that mounts all dashboard API routes for a given section. Call it once per section inside your own route group:
use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Support\Facades\Route;
Route::middleware(['auth:sanctum', SubstituteBindings::class])
->prefix('api')
->group(function () {
Route::dashboardSection(DashboardSection::Finance);
Route::dashboardSection(DashboardSection::Support);
});Each call prefixes all routes with the section key, so the two calls above produce routes under /api/finance/ and /api/support/ respectively.
This registers the following routes per section (shown here for a section key of {section}):
| Method | URI | Description |
|---|---|---|
GET |
/{section}/widgets |
List widgets available in this section |
GET |
/{section}/dashboards |
List dashboards accessible by the authenticated user |
POST |
/{section}/dashboards |
Create a new dashboard |
GET |
/{section}/dashboards/{dashboard} |
Show a dashboard with its widgets and permissions |
PATCH |
/{section}/dashboards/{dashboard} |
Update a dashboard's name and/or widgets |
POST |
/{section}/dashboards/{dashboard}/clone |
Clone a dashboard |
DELETE |
/{section}/dashboards/{dashboard} |
Delete a dashboard |
GET |
/{section}/dashboards/{dashboard}/revisions |
List revision history |
POST |
/{section}/dashboards/{dashboard}/revisions/{revision}/restore |
Restore a previous revision |
POST |
/{section}/dashboards/{dashboard}/shares |
Share a dashboard with a user |
DELETE |
/{section}/dashboards/{dashboard}/shares/{user} |
Remove a user's access to a shared dashboard |
Widgets are DataGrid, Chart, or Metric classes that implement the ShouldRegisterAsWidget interface. This interface opts a visualization class into the dashboard widget catalog.
Add ShouldRegisterAsWidget to any DataGrid, Chart, or Metric class and implement getSection() to declare which section the widget belongs to:
use SettleUp\Dashboards\Contracts\DefinesDashboardSection;
use SettleUp\Dashboards\Contracts\ShouldRegisterAsWidget;
use SettleUp\Visualizations\DataGrids\Abstracts\DataGrid;
class UsersGrid extends DataGrid implements ShouldRegisterAsWidget
{
public function getWidgetName(): string
{
return 'Users';
}
public function getWidgetDescription(): string
{
return 'A grid displaying all users in the system.';
}
public function getSection(): DefinesDashboardSection
{
return DashboardSection::Finance;
}
// ... getColumns(), getQuery(), etc.
}use SettleUp\Dashboards\Contracts\DefinesDashboardSection;
use SettleUp\Dashboards\Contracts\ShouldRegisterAsWidget;
use SettleUp\Visualizations\Charts\Abstracts\Chart;
class RevenueChart extends Chart implements ShouldRegisterAsWidget
{
public function getWidgetName(): string
{
return 'Monthly Revenue';
}
public function getWidgetDescription(): string
{
return 'A chart showing monthly revenue trends.';
}
public function getSection(): DefinesDashboardSection
{
return DashboardSection::Finance;
}
// ... getLabel(), getDatasets(), getQuery(), etc.
}use SettleUp\Dashboards\Contracts\DefinesDashboardSection;
use SettleUp\Dashboards\Contracts\ShouldRegisterAsWidget;
use SettleUp\Visualizations\Metrics\Abstracts\Metric;
class ActiveUsersMetric extends Metric implements ShouldRegisterAsWidget
{
public function getWidgetName(): string
{
return 'Active Users';
}
public function getWidgetDescription(): string
{
return 'Count of users active in the last 30 days.';
}
public function getSection(): DefinesDashboardSection
{
return DashboardSection::Finance;
}
// ... getValue(), etc.
}Each widget belongs to exactly one section. The widget API only returns widgets that match the section of the route it is called from.
Register all widget classes discovered under app_path():
php artisan widget:registerOr target a specific directory:
php artisan widget:register --path=app/FinanceOr register a specific class by name:
php artisan widget:register "App\\Grids\\UsersGrid"The command uses updateOrCreate on the widget key, so it is safe to run repeatedly. You may want to call it as part of your deployment process to keep the widget catalog in sync.
GET /api/{section}/dashboards
Returns all dashboards owned by or shared with the authenticated user. Each entry includes id, name, and user_id.
POST /api/{section}/dashboards
{
"name": "My Dashboard"
}GET /api/{section}/dashboards/{id}
Returns the full dashboard with its widgets, owner, shared users, and permission flags:
{
"dashboard": {
"id": 1,
"name": "My Dashboard",
"user_id": 1,
"user": { "..." },
"shared_with": [],
"dashboard_widgets": [
{
"id": 1,
"widget_id": 3,
"name": "Custom Widget Name",
"column_span": 6,
"sort_order": 0,
"filter_sets": null,
"sorts": null,
"visibility": null,
"widget": { "..." }
}
]
},
"can": {
"update": true,
"delete": true,
"share": true
}
}The can object tells the frontend which actions to display for the current user.
PATCH /api/{section}/dashboards/{id}
You can update the name, the widgets, or both. A revision of the current state is automatically created before any changes are applied.
{
"name": "Updated Name",
"widgets": [
{
"widget_id": 3,
"name": "Custom Name",
"column_span": 6,
"filter_sets": null,
"sorts": null,
"visibility": [
{ "field": "email", "is_hidden": true }
]
},
{
"widget_id": 5,
"name": null,
"column_span": 12
}
]
}The order of the widgets array determines the sort_order on the dashboard. Each widget supports:
| Field | Type | Description |
|---|---|---|
widget_id |
integer, required | References a registered widget |
name |
string, nullable | Custom display name (falls back to widget's default name) |
column_span |
integer, required | Width in a 12-column grid (min: 3, max: 12) |
filter_sets |
array, nullable | Persisted filter configuration |
sorts |
array, nullable | Persisted sort configuration |
visibility |
array, nullable | Array of { field, is_hidden } objects for datagrid columns |
POST /api/{section}/dashboards/{id}/clone
Creates a copy of the dashboard (named "{original} (Copy)") owned by the authenticated user. Both owners and shared users can clone.
DELETE /api/{section}/dashboards/{id}
Owner only. Returns 204 No Content.
Every update and revision restore automatically creates a snapshot of the current dashboard state before making changes. This ensures you always have an undo path. The package keeps the 50 most recent revisions per dashboard.
GET /api/{section}/dashboards/{id}/revisions
Returns up to 50 revisions, ordered newest first, including the user who made each change.
POST /api/{section}/dashboards/{id}/revisions/{revision_id}/restore
Restores the dashboard to the state captured in the given revision. A new revision of the current state is created first, so the restore itself can be undone.
Dashboard owners can share their dashboards with other users, granting them read-only access (view and clone, but not edit or delete).
POST /api/{section}/dashboards/{id}/shares
{
"user_id": 5
}Sharing is idempotent. Sharing with yourself returns a 422 validation error.
DELETE /api/{section}/dashboards/{id}/shares/{user_id}
The package ships with a DashboardPolicy that is automatically registered. The authorization rules are:
| Action | Who Can Perform |
|---|---|
| View | Owner or any shared user |
| Create | Any authenticated user |
| Update | Owner only |
| Delete | Owner only |
| Share | Owner only |
| Restore Revision | Owner only |
The package creates the following tables:
dashboards- Stores dashboard records withuser_id(owner),name, andsectionwidgets- Widget catalog withkey,name,description,type(datagrid/chart/metric),widget_class,route_path, andsectiondashboard_widgets- Pivot linking dashboards to widgets, storing layout (column_span,sort_order) and state (filter_sets,sorts,visibility)dashboard_shares- Pivot linking dashboards to shared usersdashboard_revisions- Stores JSON snapshots of dashboard state for revision history
composer testPlease see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.