{"id":15561026,"url":"https://github.com/laravel-backpack/permissionmanager","last_synced_at":"2026-01-07T12:14:29.774Z","repository":{"id":8526295,"uuid":"58740020","full_name":"Laravel-Backpack/PermissionManager","owner":"Laravel-Backpack","description":"Admin interface for managing users, roles, permissions, using Backpack CRUD","archived":false,"fork":false,"pushed_at":"2025-03-06T10:09:42.000Z","size":406,"stargazers_count":546,"open_issues_count":1,"forks_count":165,"subscribers_count":29,"default_branch":"main","last_synced_at":"2025-05-08T05:05:10.338Z","etag":null,"topics":["acl","authentication","crud","laravel","permission","user-management"],"latest_commit_sha":null,"homepage":"http://backpackforlaravel.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Laravel-Backpack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":".github/support.yml","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-13T12:49:34.000Z","updated_at":"2025-05-06T08:06:23.000Z","dependencies_parsed_at":"2024-06-18T10:59:10.342Z","dependency_job_id":"57b2e1e3-0d99-435a-ac46-76ed9c06361f","html_url":"https://github.com/Laravel-Backpack/PermissionManager","commit_stats":{"total_commits":302,"total_committers":61,"mean_commits":4.950819672131147,"dds":0.4105960264900662,"last_synced_commit":"8440126ef649b686fe008215f0b36d7921a1759d"},"previous_names":[],"tags_count":80,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laravel-Backpack%2FPermissionManager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laravel-Backpack%2FPermissionManager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laravel-Backpack%2FPermissionManager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laravel-Backpack%2FPermissionManager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Laravel-Backpack","download_url":"https://codeload.github.com/Laravel-Backpack/PermissionManager/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254043765,"owners_count":22005012,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acl","authentication","crud","laravel","permission","user-management"],"created_at":"2024-10-02T16:04:55.652Z","updated_at":"2026-01-07T12:14:29.708Z","avatar_url":"https://github.com/Laravel-Backpack.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Backpack\\PermissionManager\n\n[![Latest Version on Packagist][ico-version]](link-packagist)\n[![Software License][ico-license]](LICENSE.md)\n[![Style CI](https://styleci.io/repos/58740020/shield)](https://styleci.io/repos/58740020)\n[![Total Downloads][ico-downloads]][link-downloads]\n\nAdmin interface for [spatie/laravel-permission](https://github.com/spatie/laravel-permission). It allows admins to easily add/edit/remove users, roles and permissions, using [Laravel Backpack](https://laravelbackpack.com).\n\nAs opposed to some other packages:\n- a user can have multiple roles;\n- a user can have extra permissions, in addition to the permissions on the roles he has;\n\nThis package is just a user interface for [spatie/laravel-permission](https://github.com/spatie/laravel-permission). It will install it, and let you use its API in code. Please refer to their README for more information on how to use in code.\n\n![Edit a user in Backpack/PermissionManager](https://user-images.githubusercontent.com/1032474/149489620-a3e54d6e-db5f-4241-9afc-dc9451e54b64.gif)\n\n\n\n\u003e ### Security updates and breaking changes\n\u003e Please **[subscribe to the Backpack Newsletter](http://backpackforlaravel.com/newsletter)** so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.\n\n\n## Install\n\n0) This package assumes you've already installed [Backpack for Laravel](https://backpackforlaravel.com). If you haven't, please [install Backpack first](https://backpackforlaravel.com/docs/installation).\n\n1) In your terminal:\n\n``` bash\ncomposer require backpack/permissionmanager\n```\n\n2) Finish all installation steps for [spatie/laravel-permission](https://github.com/spatie/laravel-permission#installation), which has been pulled as a dependency. Run its migrations. Publish its config files. Most likely it's:\n```shell\nphp artisan vendor:publish --provider=\"Spatie\\Permission\\PermissionServiceProvider\" --tag=\"permission-migrations\"\nphp artisan migrate\nphp artisan vendor:publish --provider=\"Spatie\\Permission\\PermissionServiceProvider\" --tag=\"permission-config\"\n// then, add the Spatie\\Permission\\Traits\\HasRoles trait to your User model(s)\n```\n\n3) Publish `backpack\\permissionmanager` config file \u0026 the migrations:\n```bash\nphp artisan vendor:publish --provider=\"Backpack\\PermissionManager\\PermissionManagerServiceProvider\" --tag=\"config\" --tag=\"migrations\"\n```\n\u003e Note: _We recommend you to publish only the config file and migrations, but you may also publish lang and routes._\n\n4) Run the migrations:\n```bash\nphp artisan migrate\n```\n\n5) The package assumes it's ok to use the default Backpack user model (most likely ```App\\Models\\User``` to administer Users. Use a different one if you'd like by changing the user model in the ```config/backpack/permissionmanager.php``` file. Any model you're using, make sure it's using the ```CrudTrait``` and ```HasRoles``` traits:\n```php\n\u003c?php namespace App\\Models;\n\nuse Backpack\\CRUD\\app\\Models\\Traits\\CrudTrait; // \u003c------------------------------- this one\nuse Spatie\\Permission\\Traits\\HasRoles;// \u003c---------------------- and this one\nuse Illuminate\\Foundation\\Auth\\User as Authenticatable;\n\nclass User extends Authenticatable\n{\n    use CrudTrait; // \u003c----- this\n    use HasRoles; // \u003c------ and this\n\n    /**\n     * Your User Model content\n     */\n```\n\n6) [Optional] Add a menu item for it in ```resources/views/vendor/backpack/ui/inc/menu_items.blade.php```:\n\n```html\n\u003cx-backpack::menu-dropdown title=\"Add-ons\" icon=\"la la-puzzle-piece\"\u003e\n    \u003cx-backpack::menu-dropdown-header title=\"Authentication\" /\u003e\n    \u003cx-backpack::menu-dropdown-item title=\"Users\" icon=\"la la-user\" :link=\"backpack_url('user')\" /\u003e\n    \u003cx-backpack::menu-dropdown-item title=\"Roles\" icon=\"la la-group\" :link=\"backpack_url('role')\" /\u003e\n    \u003cx-backpack::menu-dropdown-item title=\"Permissions\" icon=\"la la-key\" :link=\"backpack_url('permission')\" /\u003e\n\u003c/x-backpack::menu-dropdown\u003e\n```\n\n7) [Optional] If you want to use the ```@can``` handler inside Backpack routes, you can:\n\n(7.A.) Change Backpack to use the default ```web``` guard instead of its own guard. Inside ```config/backpack/base.php``` change:\n```diff\n    // The guard that protects the Backpack admin panel.\n    // If null, the config.auth.defaults.guard value will be used.\n-   'guard' =\u003e 'backpack',\n+   'guard' =\u003e null,\n```\nNote:\n- when you add new roles and permissions, the guard that gets saved in the database will be \"web\";\n\nOR\n\n(7.B.) Add a middleware to all your Backpack routes by adding this to your ```config/backpack/base.php``` file:\n```diff\n    // The classes for the middleware to check if the visitor is an admin\n    // Can be a single class or an array of classes\n    'middleware_class' =\u003e [\n        App\\Http\\Middleware\\CheckIfAdmin::class,\n        \\Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull::class,\n+       Backpack\\CRUD\\app\\Http\\Middleware\\UseBackpackAuthGuardInsteadOfDefaultAuthGuard::class,\n    ],\n```\n\nWhy? `spatie/laravel-permission` uses the ```Auth``` facade for determining permissions with ```@can```. The ```Auth``` facade uses the default guard defined in ```config/auth.php```, NOT our backpack guard.\n\nPlease note:\n- this will make ```auth()``` return the exact same thing as ```backpack_auth()``` on Backpack routes;\n- you only need this if you want to use ```@can```; you can just as well use ```@if(backpack_user()-\u003ecan('read'))```, which does the exact same thing, but works 100% of the time;\n- when you add new roles and permissions, the guard that gets saved in the database will be \"backpack\";\n\n\n8) [Optional] Disallow create/update on your roles or permissions after you define them, using the config file in **config/backpack/permissionmanager.php**. Please note permissions and roles are referenced in code using their name. If you let your admins edit these strings and they do, your permission and role checks will stop working.\n\n\n## Customize UserCrudController\n\nIf you would like to add more fields to the default user controller provided by this package, you can bind your own controller to overwrite the one provided in this package:\n\n```php\n// in some ServiceProvider, AppServiceProvider for example\n\n$this-\u003eapp-\u003ebind(\n    \\Backpack\\PermissionManager\\app\\Http\\Controllers\\UserCrudController::class, //this is package controller\n    \\App\\Http\\Controllers\\Admin\\UserCrudController::class //this should be your own controller\n);\n\n// this tells Laravel that when UserCrudController is requested, your own UserCrudController should be served.\n```\n\n\n## API Usage\n\nBecause the package requires [spatie/laravel-permission](https://github.com/spatie/laravel-permission), the API will be the same. Please refer to their README file for a complete API. Here's a summary though:\n\n\n### Using permissions\n\nA permission can be given to a user:\n\n``` bash\nbackpack_user()-\u003egivePermissionTo('edit articles');\n```\nA permission can be revoked from a user:\n``` bash\nbackpack_user()-\u003erevokePermissionTo('edit articles');\n```\nYou can test if a user has a permission:\n``` bash\nbackpack_user()-\u003ehasPermissionTo('edit articles');\n```\n\nSaved permissions will be registered with the Illuminate\\Auth\\Access\\Gate-class. So you can test if a user has a permission with Laravel's default can-function.\n``` bash\nbackpack_user()-\u003ecan('edit articles');\n```\n### Using roles and permissions\n\nA role can be assigned to a user:\n``` bash\nbackpack_user()-\u003eassignRole('writer');\n```\nA role can be removed from a user:\n``` bash\nbackpack_user()-\u003eremoveRole('writer');\n```\nYou can determine if a user has a certain role:\n``` bash\nbackpack_user()-\u003ehasRole('writer');\n```\nYou can also determine if a user has any of a given list of roles:\n``` bash\nbackpack_user()-\u003ehasAnyRole(Role::all());\n```\nYou can also determine if a user has all of a given list of roles:\n``` bash\nbackpack_user()-\u003ehasAllRoles(Role::all());\n```\nThe assignRole, hasRole, hasAnyRole, hasAllRoles and removeRole-functions can accept a string, an array, a Role-object or an \\Illuminate\\Support\\Collection-object.\n\nA permission can be given to a role:\n``` bash\n$role-\u003egivePermissionTo('edit articles');\n```\nYou can determine if a role has a certain permission:\n``` bash\n$role-\u003ehasPermissionTo('edit articles');\n```\nA permission can be revoked from a role:\n``` bash\n$role-\u003erevokePermissionTo('edit articles');\n```\nThe givePermissionTo and revokePermissionTo-functions can accept a string or a Permission-object.\n\nSaved permission and roles are also registered with the Illuminate\\Auth\\Access\\Gate-class.\n\n``` bash\nbackpack_user()-\u003ecan('edit articles');\n```\n### Using blade directives\n\nThis package also adds Blade directives to verify whether the currently logged in user has all or any of a given list of roles.\n``` bash\n@role('writer')\n    I\\'m a writer!\n@else\n    I\\'m not a writer...\n@endrole\n@hasrole('writer')\n    I\\'m a writer!\n@else\n    I\\'m not a writer...\n@endhasrole\n@hasanyrole(Role::all())\n    I have one or more of these roles!\n@else\n    I have none of these roles...\n@endhasanyrole\n@hasallroles(Role::all())\n    I have all of these roles!\n@else\n    I don\\'t have all of these roles\n@endhasallroles\n```\n\nYou can use Laravel's native @can directive to check if a user has a certain permission.\n\n## Use permissions in CRUD controllers\n\nCRUD controllers have methods to [dynamically allow or deny access](https://backpackforlaravel.com/docs/6.x/crud-api#access) to operations. The ```$this-\u003ecrud-\u003eallowAccess()``` and ```$this-\u003ecrud-\u003edenyAccess()``` methods control both:\n- the form's navigation buttons display like Add, Edit, Delete and\n- the security access guards, returning a 403 forbidden error when no permission.\n\nIn most cases, you should use `access` and `permission` separately. But if you want to link them together, so a \"permission\" gives \"access\", here is how you can do that too. Reminder: permissions can be assigned to a user either directly or through a role.\n\n1) Define a ```CrudPermissionTrait```\n``` php\nnamespace App\\Traits;\n\nuse Backpack\\CRUD\\app\\Library\\CrudPanel\\CrudPanelFacade as CRUD;\n\n/**\n * CrudPermissionTrait: use Permissions to configure Backpack\n */\ntrait CrudPermissionTrait\n{\n    // the operations defined for CRUD controller\n    public array $operations = ['list', 'show', 'create', 'update', 'delete'];\n\n\n    /**\n     * set CRUD access using spatie Permissions defined for logged in user\n     *\n     * @return void\n     */\n    public function setAccessUsingPermissions()\n    {\n        // default\n        $this-\u003ecrud-\u003edenyAccess($this-\u003eoperations);\n\n        // get context\n        $table = CRUD::getModel()-\u003egetTable();\n        $user = request()-\u003euser();\n\n        // double check if no authenticated user\n        if (!$user) {\n            return; // allow nothing\n        }\n\n        // enable operations depending on permission\n        foreach ([\n            // permission level =\u003e [crud operations]\n            'see' =\u003e ['list', 'show'], // e.g. permission 'users.see' allows to display users\n            'edit' =\u003e ['list', 'show', 'create', 'update', 'delete'], // e.g. 'users.edit' permission allows all operations\n        ] as $level =\u003e $operations) {\n            if ($user-\u003ecan(\"$table.$level\")) {\n                $this-\u003ecrud-\u003eallowAccess($operations);\n            }\n        }\n    }\n}\n```\n\n2) Use the above ```CrudPermissionTrait``` trait in any ````CrudController````, ```UserCrudController``` in this example.\n\n```php\nnamespace App\\Http\\Controllers\\Admin;\n\nuse Backpack\\PermissionManager\\app\\Http\\Controllers\\UserCrudController as BackpackUserCrudController;\n\nclass UserCrudController extends BackpackUserCrudController\n{\n    use \\App\\Traits\\CrudPermissionTrait;\n\n    public function setup()\n    {\n        parent::setup();\n        $this-\u003esetAccessUsingPermissions();\n    }\n}\n```\n\nNow make sure the route uses the right controller:\n\n(3.A) by binding the package controller to your controller as explained in [Customize UserCrudController](https://github.com/Laravel-Backpack/PermissionManager#customize-usercrudcontroller)\n\n```php\n$this-\u003eapp-\u003ebind(\n    \\Backpack\\PermissionManager\\app\\Http\\Controllers\\UserCrudController::class, // package controller\n    \\App\\Http\\Controllers\\Admin\\UserCrudController::class // the controller using CrudPermissionTrait\n);\n```\n\nOR\n\n(3.B) by defining the routes in your own ```routes/backpack/permissionmanager.php``` file as explained in [Overwriting fuctionality](https://github.com/Laravel-Backpack/PermissionManager#overwriting-functionality)\n```php\nRoute::group([\n    'namespace'  =\u003e 'App\\Http\\Controllers\\Admin', // the new namespace\n    'prefix'     =\u003e config('backpack.base.route_prefix', 'admin'),\n    'middleware' =\u003e ['web', backpack_middleware()],\n], function () {\n    // the adapted controllers\n    Route::crud('user', 'UserCrudController');\n    // Route::crud('role', 'RoleCrudController');\n});\nRoute::group([\n    'namespace'  =\u003e '\\Backpack\\PermissionManager\\app\\Http\\Controllers', // the original namespace\n    'prefix'     =\u003e config('backpack.base.route_prefix', 'admin'),\n    'middleware' =\u003e ['web', backpack_middleware()],\n], function () {\n    // to original controllers\n    // not modified yet in this example\n    Route::crud('permission', 'PermissionCrudController');\n    Route::crud('role', 'RoleCrudController');\n});\n```\n\n\nYou may wish to use a ```PermissionSeeder``` to automatically populate the ```permission``` table with permissions corresponding to your code. Here is an example:\n\n```php\nnamespace Database\\Seeders;\n\nuse App\\Models\\User;\nuse Illuminate\\Database\\Seeder;\nuse Backpack\\PermissionManager\\app\\Models\\Permission;\nuse Backpack\\PermissionManager\\app\\Models\\Role;\n\nclass PermissionSeeder extends Seeder\n{\n    /**\n     * Run the database Permission seed.\n\n     * Permissions are fixed in code and are seeded here.\n     * use 'php artisan db:seed --class=PermissionSeeder --force' in production\n     *\n     * @return void\n     */\n    public function run()\n    {\n        // create permission for each combination of table.level\n        collect([ // tables\n            'users',\n            'roles',\n        ])\n            -\u003ecrossJoin([ // levels\n                'see',\n                'edit',\n            ])\n            -\u003eeach(\n                fn (array $item) =\u003e Permission::firstOrCreate([\n                    'name' =\u003e implode('.', $item),\n                ])\n                    -\u003esave()\n            )\n            //\n        ;\n        User::first()\n            -\u003egivePermissionTo(['users.edit']);\n    }\n}\n```\nUse ```php artisan db:seed --class=PermissionSeeder --force``` in production\n\n## Upgrade from 3.x to 4.x\n\nTo upgrade from PermissionManager 3.x to 4.x:\n- upgrade to spatie/laravel-permission 2.28.2+ - do take note that the DB has changed, and they don't provide a track of the changes;\n- require ```backpack/permissionmanager``` version ```4.0.*``` in your ```composer.json``` file;\n- delete your old ```config/backpack/permissionmanager.php``` file;\n- follow the installation steps above;\n\nIf you are upgrading to a Laravel 8 instalation, please note that User Model may have moved from ```App\\User::class``` to ```App\\Models\\User::class```, check if your config is compliant with that change ```config/backpack/permissionmanager.php```.\n\n## Change log\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.\n\n## Overwriting functionality\n\nIf you need to modify how this works in a project:\n- create a ```routes/backpack/permissionmanager.php``` file; the package will see that, and load _your_ routes file, instead of the one in the package;\n- create controllers/models that extend the ones in the package, and use those in your new routes file;\n- modify anything you'd like in the new controllers/models;\n\nWhen creating your own controllers, seeders, make sure you use the ```BackpackUser``` model, instead of the ```User``` model in your app. The easiest would be to use ```config('backpack.base.user_model_fqn')``` which pulls in the User model fully qualified namespace, as defined in your ```config/backpack/base.php```. You might need to instantiate it using ```$model = config('backpack.base.user_model_fqn'); $model = new $model;``` in order to do things like ```$model-\u003ewhere(...)```.\n\n## Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for details.\n\n## Security\n\nIf you discover any security related issues, please email tabacitu@backpackforlaravel.com instead of using the issue tracker.\n\nPlease **[subscribe to the Backpack Newsletter](http://backpackforlaravel.com/newsletter)** so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.\n\n## Credits\n\n- [Marius Constantin][link-author2] - Lead Developer\n- [Cristian Tabacitu][link-author] - Maintainer\n- [All Contributors][link-contributors]\n\n## License\n\nBackpack is free for non-commercial use and 49 EUR/project for commercial use. Please see [License File](LICENSE.md) and [backpackforlaravel.com](https://backpackforlaravel.com/#pricing) for more information.\n\n## Hire us\n\nWe've spend more than 50.000 hours creating, polishing and maintaining administration panels on Laravel. We've developed e-Commerce, e-Learning, ERPs, social networks, payment gateways and much more. We've worked on admin panels _so much_, that we've created one of the most popular software in its niche - just from making public what was repetitive in our projects.\n\nIf you are looking for a developer/team to help you build an admin panel on Laravel, look no further. You'll have a difficult time finding someone with more experience \u0026 enthusiasm for this. This is _what we do_. [Contact us](https://backpackforlaravel.com/need-freelancer-or-development-team). Let's see if we can work together.\n\n\n[ico-version]: https://img.shields.io/packagist/v/backpack/permissionmanager.svg?style=flat-square\n[ico-license]: https://img.shields.io/badge/license-dual-blue?style=flat-square\n[ico-travis]: https://img.shields.io/travis/laravel-backpack/permissionmanager/master.svg?style=flat-square\n[ico-scrutinizer]: https://img.shields.io/scrutinizer/coverage/g/laravel-backpack/permissionmanager.svg?style=flat-square\n[ico-code-quality]: https://img.shields.io/scrutinizer/g/laravel-backpack/permissionmanager.svg?style=flat-square\n[ico-downloads]: https://img.shields.io/packagist/dt/backpack/permissionmanager.svg?style=flat-square\n\n[link-packagist]: https://packagist.org/packages/backpack/permissionmanager\n[link-travis]: https://travis-ci.org/laravel-backpack/permissionmanager\n[link-scrutinizer]: https://scrutinizer-ci.com/g/laravel-backpack/permissionmanager/code-structure\n[link-code-quality]: https://scrutinizer-ci.com/g/laravel-backpack/permissionmanager\n[link-downloads]: https://packagist.org/packages/backpack/permissionmanager\n[link-author]: http://tabacitu.ro\n[link-author2]: http://updivision.com\n[link-contributors]: ../../contributors\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaravel-backpack%2Fpermissionmanager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaravel-backpack%2Fpermissionmanager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaravel-backpack%2Fpermissionmanager/lists"}