{"id":42561080,"url":"https://github.com/vaened/laravel-authorization","last_synced_at":"2026-01-28T20:25:53.573Z","repository":{"id":44426323,"uuid":"121161451","full_name":"vaened/laravel-authorization","owner":"vaened","description":"Package for the management of authorizations for Laravel","archived":false,"fork":false,"pushed_at":"2024-08-05T17:04:32.000Z","size":253,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-14T22:49:07.881Z","etag":null,"topics":["authorizations","enea","laravel","laravel-authorization","permissions","roles"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vaened.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-11T19:56:59.000Z","updated_at":"2024-11-08T15:56:13.000Z","dependencies_parsed_at":"2022-08-21T10:20:52.345Z","dependency_job_id":null,"html_url":"https://github.com/vaened/laravel-authorization","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/vaened/laravel-authorization","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vaened%2Flaravel-authorization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vaened%2Flaravel-authorization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vaened%2Flaravel-authorization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vaened%2Flaravel-authorization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vaened","download_url":"https://codeload.github.com/vaened/laravel-authorization/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vaened%2Flaravel-authorization/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28850770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T15:15:36.453Z","status":"ssl_error","status_checked_at":"2026-01-28T15:15:13.020Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorizations","enea","laravel","laravel-authorization","permissions","roles"],"created_at":"2026-01-28T20:25:52.904Z","updated_at":"2026-01-28T20:25:53.567Z","avatar_url":"https://github.com/vaened.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"Laravel Authorization\n=====================\n\n[![Build Status](https://github.com/vaened/laravel-authorization/actions/workflows/tests.yml/badge.svg)](https://github.com/vaened/laravel-authorization/actions?query=workflow%3ATests) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/vaened/laravel-authorization/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/vaened/laravel-authorization/?branch=master)  [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)\n\nLaravel Authorization is a package that provides a simple administration interface for roles and permissions.\n\n```php\n// create authorizations\n$cashier = $this-\u003eroles-\u003ecreate('Cashier');\n$create = $this-\u003epermissions-\u003ecreate('Create Documents');\n$annul = $this-\u003epermissions-\u003ecreate('Annul Documents');\n\n\n// grant authorizations\n$cashier-\u003egrantMultiple([$create, $annul]);\n$user-\u003egrant($cashier);\n\n// check\n$user-\u003eisMemberOf('cashier'); // true\n$user-\u003ecan('create-documents'); // true\n$user-\u003ecan('annul-documents'); // true\n\n// deny authorizations\n$user-\u003edeny('annul-documents');\n\n// now\n$user-\u003ecan('annul-documents'); // false\n\n```\n\n## Table of Contents\n\n* [Installation](#installation)\n* [Quick Start](#quick-start)\n    - [checks](#checks)\n    - [`GRANT`](#grant)\n    - [`REVOKE`](#revoke)\n    - [`DENY`](#deny)\n* [Middleware](#middleware)\n* [Blade Directives](#blade-directives)\n\n## Installation\n\nLaravel Authorization requires PHP 8.1. This version supports Laravel 10 only.\n\nTo get the latest version, simply require the project using Composer:\n\n```sh\n$ composer require enea/laravel-authorization\n```\n\nOnce installed, if you are not using automatic package discovery, then you need to register\nthe [Enea\\Authorization\\AuthorizationServiceProvider](https://github.com/eneav/laravel-authorization/blob/master/src/AuthorizationServiceProvider.php)\nservice provider in your `config/app.php`.\n\nand finally, it only remains to run in the console:\n\n```sh\n$ php artisan authorization:install\n```\n\n## Quick Start\n\nStarting with laravel-authorization is as simple as extending the `User` model that provides the package:\n\n``` php\nuse Enea\\Authorization\\Models\\User as Authorizable;\n\nclass User extends Authorizable {\n    //\n}\n```\n\nOr in case you need to customize your user model, you must implement the `Enea\\Authorization\\Contracts\\Authorisable` interface and use\nthe `Enea\\Authorization\\Traits\\Authorisable` trait:\n\n``` php\nuse Enea\\Authorization\\Contracts\\Authorizable as AuthorizableContract;\nuse Enea\\Authorization\\Traits\\Authorizable;\nuse Illuminate\\Auth\\Authenticatable;\nuse Illuminate\\Contracts\\Auth\\Authenticatable as AuthenticatableContract;\nuse Illuminate\\Database\\Eloquent\\Model;\n\nclass User extends Model implements AuthenticatableContract, AuthorizableContract\n{\n    use Authenticatable, Authorizable;\n}\n```\n\n### Checks\n\nThere are some methods available for checking roles and permissions:\n\n Method       | Parameter       | Return  \n--------------|-----------------|---------\n can          | permission-name | boolean \n cannot       | permission-name | boolean \n isMemberOf   | role-name       | boolean \n isntMemberOf | role-name       | boolean \n\n#### Example\n\n```php\n// verify if a user has a permission\n$user-\u003ecan('permission-name');\n// verify if a user does not have a permission\n$user-\u003ecannot('permission-name');\n// verify if a user is a member of a role\n$user-\u003eisMemberOf('role-name');\n// verify if a user is not a member of a role\n$user-\u003eisntMemberOf('role-name');\n```\n\nOn the other hand, a role can only have permissions:\n\n```php\n// verify if a role has a permission\n$role-\u003ecan('permission-name');\n// verify if a role does not have a permission\n$role-\u003ecannot('permission-name');\n```\n\n### GRANT\n\nSimplify the way in which roles and permissions are granted, both can be granted through the `grant` method in your model, you can see an\nexample [here](https://github.com/eneav/laravel-authorization-example/blob/master/database/seeds/AuthorizationsSeeder.php)\n\n```php\n// grant an authorization to user\n$user-\u003egrant($authorization);\n// grant multiple authorizations to user\n$user-\u003egrantMultiple([$permission, $role]);\n// grant a permission to role\n$role-\u003egrant($permission);\n// grant multiple permissions to role\n$user-\u003egrantMultiple([$firstPermission, $secondPermission]);\n```\n\n### REVOKE\n\nTo revoke a permission or role of a model, you must use the `revoke` or `revokeMultiple` method:\n\n```php\n// revoke an authorization to a user\n$user-\u003erevoke($authorization);\n// revoke multiple authorizations of a user\n$user-\u003erevokeMultiple([$permission, $role]);\n// revoke a permission to a role\n$role-\u003erevoke($permission);\n// revoke multiple permissions of a role\n$user-\u003erevokeMultiple([$firstPermission, $secondPermission]);\n```\n\n### DENY\n\nTo prohibit certain accesses to a user can do it through the method `deny` and `denyMultiple`:\n\n```php\n// deny a permission to a user\n$user-\u003edeny($permission);\n// deny multiple permissions to a user\n$user-\u003edenyMultiple($permissions);\n```\n\n## Middleware\n\nThe middleware are activated automatically from the beginning, to change this you can do it from\nthe [configuration](https://github.com/eneav/laravel-authorization/blob/master/config/authorization.php) file:\n\n```php\n    // automatic middleware configuration.\n    'middleware' =\u003e [\n        'enabled' =\u003e true,\n\n        'permissions' =\u003e [\n            'alias' =\u003e 'authenticated.can',\n            'class' =\u003e \\Enea\\Authorization\\Middleware\\PermissionAuthorizerMiddleware::class,\n        ],\n        'roles' =\u003e [\n            'alias' =\u003e 'authenticated.is',\n            'class' =\u003e \\Enea\\Authorization\\Middleware\\RoleAuthorizerMiddleware::class,\n        ],\n    ],\n\n```\n\nOr in case you want to do a manual configuration you can deactivate the automatic load and modify\nyour [kernel](https://github.com/eneav/laravel-authorization-example/blob/master/app/Http/Kernel.php#L64-L65) file:\n\n```php\nprotected $routeMiddleware = [\n    ...\n    \n    // laravel-authorization\n    'authenticated.can' =\u003e \\Enea\\Authorization\\Middleware\\PermissionAuthorizerMiddleware::class,\n    'authenticated.is' =\u003e \\Enea\\Authorization\\Middleware\\RoleAuthorizerMiddleware::class,\n];\n```\n\nThen you can use it in your routes like any\nother [middleware](https://github.com/eneav/laravel-authorization-example/blob/master/routes/web.php#L33-L40):\n\n```php\n$router-\u003eget('create', 'CreateController@create')-\u003emiddleware('authenticated.can:create-articles');\n$router-\u003eget('admin', 'DashboardController@index')-\u003emiddleware('authenticated.is:admin');\n```\n\nIn case any user tries to access a protected route without authorization, an exception of\ntype [`UnauthorizedOwnerException`](https://github.com/eneav/laravel-authorization/blob/master/src/Exceptions/UnauthorizedOwnerException.php) will be\nthrow.\n\n### Custom errors\n\nTo show a custom error, we can edit\nthe [`Handler`](https://github.com/eneav/laravel-authorization-example/blob/master/app/Exceptions/Handler.php#L52-L54) file:\n\n```php\npublic function render($request, Exception $exception)\n{\n    if ($exception instanceof UnauthorizedOwnerException) {\n        return redirect()-\u003eroute('custom-unauthorized-route');\n    }\n    return parent::render($request, $exception);\n}\n```\n\n## Blade Directives\n\nThis package also adds Blade directives to verify if the currently connected user has a specific role or permission.\nOptionally you can pass in the `guard` that the check will be performed on as a second argument.\n\n### For Roles\n\n```php\n@authenticatedIs('articles-owner')\n    // is articles owner\n@else\n    // it's not articles owner\n@endauthenticatedIs\n```\n\nand to deny\n\n```php\n@authenticatedIsnt('articles-owner')\n    // it's not articles owner\n@else\n    // is articles owner\n@endauthenticatedIsnt\n```\n\n### For Permissions\n\n```php\n@authenticatedCan('edit-articles')\n    // can edit articles\n@else\n    // cannot edit articles\n@endauthenticatedCan\n```\n\nand to deny\n\n```php\n@authenticatedCannot('edit-articles')\n    // cannot edit articles\n@else\n    // can edit articles\n@endauthenticatedCannot\n```\n\n## Examples\n\n[Simple CRUD](https://github.com/eneav/laravel-authorization-example)\n\n## Changelog\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.\n\n## License\n\nLaravel Authorization is licensed under [The MIT License (MIT)](LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvaened%2Flaravel-authorization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvaened%2Flaravel-authorization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvaened%2Flaravel-authorization/lists"}