{"id":13828307,"url":"https://github.com/php-casbin/laravel-authz","last_synced_at":"2025-05-14T20:04:10.723Z","repository":{"id":37561769,"uuid":"174144975","full_name":"php-casbin/laravel-authz","owner":"php-casbin","description":"An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel.","archived":false,"fork":false,"pushed_at":"2025-02-25T15:42:48.000Z","size":99,"stargazers_count":301,"open_issues_count":1,"forks_count":51,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-13T15:09:40.152Z","etag":null,"topics":["abac","access-control","acl","authorization","casbin","gate","laravel","middleware","passport","permissions","rbac"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/php-casbin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-06T12:53:32.000Z","updated_at":"2025-04-13T04:23:57.000Z","dependencies_parsed_at":"2024-08-04T09:08:16.333Z","dependency_job_id":"d62caffa-b44e-4d99-9dbd-1d3598382198","html_url":"https://github.com/php-casbin/laravel-authz","commit_stats":{"total_commits":47,"total_committers":10,"mean_commits":4.7,"dds":"0.46808510638297873","last_synced_commit":"fd164639c3e638794f0fb65b413e7b1874eb8b72"},"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-casbin%2Flaravel-authz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-casbin%2Flaravel-authz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-casbin%2Flaravel-authz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/php-casbin%2Flaravel-authz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/php-casbin","download_url":"https://codeload.github.com/php-casbin/laravel-authz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248732486,"owners_count":21152852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","access-control","acl","authorization","casbin","gate","laravel","middleware","passport","permissions","rbac"],"created_at":"2024-08-04T09:02:40.709Z","updated_at":"2025-04-13T15:10:00.347Z","avatar_url":"https://github.com/php-casbin.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\r\n    Laravel Authorization\r\n\u003c/h1\u003e\r\n\r\n\u003cp align=\"center\"\u003e\r\n    \u003cstrong\u003eLaravel-authz is an authorization library for the laravel framework.\u003c/strong\u003e    \r\n\u003c/p\u003e\r\n\r\n\u003cp align=\"center\"\u003e\r\n    \u003ca href=\"https://github.com/php-casbin/laravel-authz/actions\"\u003e\r\n        \u003cimg src=\"https://github.com/php-casbin/laravel-authz/actions/workflows/phpunit.yml/badge.svg\" alt=\"PHPUnit Status\"\u003e\r\n    \u003c/a\u003e\r\n    \u003ca href=\"https://coveralls.io/github/php-casbin/laravel-authz\"\u003e\r\n        \u003cimg src=\"https://coveralls.io/repos/github/php-casbin/laravel-authz/badge.svg\" alt=\"Coverage Status\"\u003e\r\n    \u003c/a\u003e\r\n    \u003ca href=\"https://packagist.org/packages/casbin/laravel-authz\"\u003e\r\n        \u003cimg src=\"https://poser.pugx.org/casbin/laravel-authz/v/stable\" alt=\"Latest Stable Version\"\u003e\r\n    \u003c/a\u003e\r\n     \u003ca href=\"https://packagist.org/packages/casbin/laravel-authz\"\u003e\r\n        \u003cimg src=\"https://poser.pugx.org/casbin/laravel-authz/downloads\" alt=\"Total Downloads\"\u003e\r\n    \u003c/a\u003e\r\n    \u003ca href=\"https://packagist.org/packages/casbin/laravel-authz\"\u003e\r\n        \u003cimg src=\"https://poser.pugx.org/casbin/laravel-authz/license\" alt=\"License\"\u003e\r\n    \u003c/a\u003e\r\n\u003c/p\u003e\r\n\r\nIt's based on [Casbin](https://github.com/php-casbin/php-casbin), an authorization library that supports access control models like ACL, RBAC, ABAC.\r\n\r\nAll you need to learn to use `Casbin` first.\r\n\r\n* [Installation](#installation)\r\n* [Usage](#usage)\r\n  * [Quick start](#quick-start)\r\n  * [Using Enforcer Api](#using-enforcer-api)\r\n  * [Using a middleware](#using-a-middleware)\r\n    * [basic Enforcer Middleware](#basic-enforcer-middleware)\r\n    * [HTTP Request Middleware ( RESTful is also supported )](#http-request-middleware--restful-is-also-supported-)\r\n  * [Using Gates](#using-gates)\r\n  * [Multiple enforcers](#multiple-enforcers)\r\n  * [Using artisan commands](#using-artisan-commands)\r\n  * [Cache](#using-cache)\r\n* [Thinks](#thinks)\r\n* [License](#license)\r\n\r\n## Installation\r\n\r\nRequire this package in the `composer.json` of your Laravel project. This will download the package.\r\n\r\n```\r\ncomposer require casbin/laravel-authz\r\n```\r\n\r\nThe `Lauthz\\LauthzServiceProvider` is `auto-discovered` and registered by default, but if you want to register it yourself:\r\n\r\nAdd the ServiceProvider in `config/app.php`\r\n\r\n```php\r\n'providers' =\u003e [\r\n    /*\r\n     * Package Service Providers...\r\n     */\r\n    Lauthz\\LauthzServiceProvider::class,\r\n]\r\n```\r\n\r\nThe Enforcer facade is also `auto-discovered`, but if you want to add it manually:\r\n\r\nAdd the Facade in `config/app.php`\r\n\r\n```php\r\n'aliases' =\u003e [\r\n    // ...\r\n    'Enforcer' =\u003e Lauthz\\Facades\\Enforcer::class,\r\n]\r\n```\r\n\r\nTo publish the config, run the vendor publish command:\r\n\r\n```\r\nphp artisan vendor:publish\r\n```\r\n\r\nThis will create a new model config file named `config/lauthz-rbac-model.conf` and a new lauthz config file named `config/lauthz.php`.\r\n\r\n\r\nTo migrate the migrations, run the migrate command:\r\n\r\n```\r\nphp artisan migrate\r\n```\r\n\r\nThis will create a new table named `rules`\r\n\r\n\r\n## Usage\r\n\r\n### Quick start\r\n\r\nOnce installed you can do stuff like this:\r\n\r\n```php\r\n\r\nuse Enforcer;\r\n\r\n// adds permissions to a user\r\nEnforcer::addPermissionForUser('eve', 'articles', 'read');\r\n// adds a role for a user.\r\nEnforcer::addRoleForUser('eve', 'writer');\r\n// adds permissions to a role\r\nEnforcer::addPolicy('writer', 'articles','edit');\r\n\r\n```\r\n\r\nYou can check if a user has a permission like this:\r\n\r\n```php\r\n// to check if a user has permission\r\nif (Enforcer::enforce(\"eve\", \"articles\", \"edit\")) {\r\n    // permit eve to edit articles\r\n} else {\r\n    // deny the request, show an error\r\n}\r\n\r\n```\r\n\r\nBy default, [Gate](https://laravel.com/docs/11.x/authorization#gates) checks will be automatically intercepted\r\n. You can check if a user has a permission with Laravel's default `can` function:\r\n\r\n```php\r\n$user-\u003ecan('articles,read');\r\n```\r\n\r\n### Using Enforcer Api\r\n\r\nIt provides a very rich api to facilitate various operations on the Policy:\r\n\r\nGets all roles:\r\n\r\n```php\r\nEnforcer::getAllRoles(); // ['writer', 'reader']\r\n```\r\n\r\nGets all the authorization rules in the policy.:\r\n\r\n```php\r\nEnforcer::getPolicy();\r\n```\r\n\r\nGets the roles that a user has.\r\n\r\n```php\r\nEnforcer::getRolesForUser('eve'); // ['writer']\r\n```\r\n\r\nGets the users that has a role.\r\n\r\n```php\r\nEnforcer::getUsersForRole('writer'); // ['eve']\r\n```\r\n\r\nDetermines whether a user has a role.\r\n\r\n```php\r\nEnforcer::hasRoleForUser('eve', 'writer'); // true or false\r\n```\r\n\r\nAdds a role for a user.\r\n\r\n```php\r\nEnforcer::addRoleForUser('eve', 'writer');\r\n```\r\n\r\nAdds a permission for a user or role.\r\n\r\n```php\r\n// to user\r\nEnforcer::addPermissionForUser('eve', 'articles', 'read');\r\n// to role\r\nEnforcer::addPermissionForUser('writer', 'articles','edit');\r\n```\r\n\r\nDeletes a role for a user.\r\n\r\n```php\r\nEnforcer::deleteRoleForUser('eve', 'writer');\r\n```\r\n\r\nDeletes all roles for a user.\r\n\r\n```php\r\nEnforcer::deleteRolesForUser('eve');\r\n```\r\n\r\nDeletes a role.\r\n\r\n```php\r\nEnforcer::deleteRole('writer');\r\n```\r\n\r\nDeletes a permission.\r\n\r\n```php\r\nEnforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).\r\n```\r\n\r\nDeletes a permission for a user or role.\r\n\r\n```php\r\nEnforcer::deletePermissionForUser('eve', 'articles', 'read');\r\n```\r\n\r\nDeletes permissions for a user or role.\r\n\r\n```php\r\n// to user\r\nEnforcer::deletePermissionsForUser('eve');\r\n// to role\r\nEnforcer::deletePermissionsForUser('writer');\r\n```\r\n\r\nGets permissions for a user or role.\r\n\r\n```php\r\nEnforcer::getPermissionsForUser('eve'); // return array\r\n```\r\n\r\nDetermines whether a user has a permission.\r\n\r\n```php\r\nEnforcer::hasPermissionForUser('eve', 'articles', 'read');  // true or false\r\n```\r\n\r\nSee [Casbin API](https://casbin.org/docs/management-api#reference) for more APIs.\r\n\r\n### Using a middleware\r\n\r\nThis package comes with `EnforcerMiddleware`, `RequestMiddleware` middlewares. You can add them inside your `app/Http/Kernel.php` file.\r\n\r\n```php\r\nprotected $routeMiddleware = [\r\n    // ...\r\n    // a basic Enforcer Middleware\r\n    'enforcer' =\u003e \\Lauthz\\Middlewares\\EnforcerMiddleware::class,\r\n    // an HTTP Request Middleware\r\n    'http_request' =\u003e \\Lauthz\\Middlewares\\RequestMiddleware::class,\r\n];\r\n```\r\n\r\n#### basic Enforcer Middleware\r\n\r\nThen you can protect your routes using middleware rules:\r\n\r\n```php\r\nRoute::group(['middleware' =\u003e ['enforcer:articles,read']], function () {\r\n    // pass\r\n});\r\n```\r\n\r\n#### HTTP Request Middleware ( RESTful is also supported )\r\n\r\nIf you need to authorize a Request，you need to define the model configuration first in `config/lauthz-rbac-model.conf`:\r\n\r\n```ini\r\n[request_definition]\r\nr = sub, obj, act\r\n\r\n[policy_definition]\r\np = sub, obj, act\r\n\r\n[role_definition]\r\ng = _, _\r\n\r\n[policy_effect]\r\ne = some(where (p.eft == allow))\r\n\r\n[matchers]\r\nm = g(r.sub, p.sub) \u0026\u0026 keyMatch2(r.obj, p.obj) \u0026\u0026 regexMatch(r.act, p.act)\r\n```\r\n\r\nThen, using middleware rules:\r\n\r\n```php\r\nRoute::group(['middleware' =\u003e ['http_request']], function () {\r\n    Route::resource('photo', 'PhotoController');\r\n});\r\n```\r\n\r\n### Using Gates\r\n\r\nYou can use Laravel Gates to check if a user has a permission, provided that you have set an existing user instance as the currently authenticated user.\r\n\r\n```php\r\n$user-\u003ecan('articles,read');\r\n// For multiple enforcers\r\n$user-\u003ecan('articles,read', 'second');\r\n// The methods cant, cannot, canAny, etc. also work\r\n```\r\n\r\nIf you require custom Laravel Gates, you can disable the automatic registration by setting `enabled_register_at_gates` to `false` in the lauthz file. After that, you can use `Gates::before` or `Gates::after` in your ServiceProvider to register custom Gates. See [Gates](https://laravel.com/docs/11.x/authorization#gates) for more details.\r\n\r\n### Multiple enforcers\r\n\r\nIf you need multiple permission controls in your project, you can configure multiple enforcers.\r\n\r\nIn the lauthz file, it should be like this:\r\n\r\n```php\r\nreturn [\r\n    'default' =\u003e 'basic',\r\n\r\n    'basic' =\u003e [\r\n        'model' =\u003e [\r\n            // ...\r\n        ],\r\n\r\n        'adapter' =\u003e Lauthz\\Adapters\\DatabaseAdapter::class,\r\n        // ...\r\n    ],\r\n\r\n    'second' =\u003e [\r\n        'model' =\u003e [\r\n            // ...\r\n        ],\r\n\r\n        'adapter' =\u003e Lauthz\\Adapters\\DatabaseAdapter::class,\r\n        // ...\r\n    ],\r\n];\r\n\r\n```\r\n\r\nThen you can choose which enforcers to use.\r\n\r\n```php\r\nEnforcer::guard('second')-\u003eenforce(\"eve\", \"articles\", \"edit\");\r\n```\r\n\r\n\r\n### Using artisan commands\r\n\r\nYou can create a policy from a console with artisan commands.\r\n\r\nTo user:\r\n\r\n```bash\r\nphp artisan policy:add eve,articles,read\r\n```\r\n\r\nTo Role:\r\n\r\n```bash\r\nphp artisan policy:add writer,articles,edit\r\n```\r\n\r\nAdds a role for a user:\r\n\r\n```bash\r\nphp artisan role:assign eve writer\r\n# Specify the ptype of the role assignment by using the --ptype option.\r\nphp artisan role:assign eve writer --ptype=g2\r\n```\r\n\r\n### Using cache\r\n\r\nAuthorization rules are cached to speed up performance. The default is off.\r\n\r\nSets your own cache configs in Laravel's `config/lauthz.php`. \r\n\r\n```php\r\n'cache' =\u003e [\r\n    // changes whether Lauthz will cache the rules.\r\n    'enabled' =\u003e false,\r\n\r\n    // cache store\r\n    'store' =\u003e 'default',\r\n\r\n    // cache Key\r\n    'key' =\u003e 'rules',\r\n\r\n    // ttl \\DateTimeInterface|\\DateInterval|int|null\r\n    'ttl' =\u003e 24 * 60,\r\n],\r\n```\r\n\r\n## Thinks\r\n\r\n[Casbin](https://github.com/php-casbin/php-casbin) in Laravel. You can find the full documentation of Casbin [on the website](https://casbin.org/).\r\n\r\n## License\r\n\r\nThis project is licensed under the [Apache 2.0 license](LICENSE).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphp-casbin%2Flaravel-authz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphp-casbin%2Flaravel-authz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphp-casbin%2Flaravel-authz/lists"}