Larallow is a Permissions Package With Support for Scopes

Last updated on by

Larallow is a Permissions Package With Support for Scopes image

Larallow for Laravel is a package for handling roles and permissions with advanced features such as scoped roles, polymorphic relations, translation support, and more. This package helps you manage permission tasks such as creating permissions, assigning/removing them from users, and finally checking those capabilities in your app.

Using this package, you can allow users permissions directly using the allow() method. You can assign permissions to users through a role, as you'd expect in a permissions package:

use App\Models\User;
use App\Enums\Permissions\UserPermission;
 
$user = User::find(1);
 
// Using enum
$user->allow(UserPermission::ViewClients);
 
// Or using string
$user->allow('edit_post');
 
// Assign a role to a user
$role = Role::find($roleId);
$user->assignRole($role);

On the other side of assigning permissions to users, this package provides the ability to create permissions and even group them:

use EduLazaro\Larallow\Permission;
 
// Simple permission creation
Permission::create('manage_offices')->label('Manage Offices');
 
// Create a permission for many types:
Permission::create('manage_offices')
->for([User::class, Client::class])
->label('Manage Offices');
 
// Scope a permission
Permission::create('manage_clients')
->for(User::class)
->on(Office::class)
->label('Manage Clients');
 
// Translate a permission
Permission::create([
UserPermission::ManageOffices->value => __('Manage offices'),
])->for(User::class)
->on(Group::class);
 
Permission::create([
UserPermission::ManageClients->value => 'Manage clients',
UserPermission::ManageProperties->value => 'Manage properties',
UserPermission::ManageDevelopments->value => 'Manage developments',
UserPermission::ManageAppointments->value => 'Manage appointments',
UserPermission::ManageUsers->value => 'Manage users',
])->for(User::class)
->on([
Office::class,
Group::class,
]);

This package provides various ways to check permissions for an actor and role:

// Check a role
$user->hasRole('admin');
 
// Scoped role
$user->hasRole('admin', $scopedModel);
 
// Check if the actor has at least one of the roles
$hasRole = Roles::query()
->roles($roleOrRoleIds)
->for($actor)
->on($scopeModel) // Optional scope
->check();
 
// Check if the actor has all of the roles specified
$hasRole = Roles::query()
->roles($roleOrRoleIds)
->for($actor)
->on($scopeModel) // Optional scope
->checkAll();

You can check roles in Blade templates using the @roles directive to determine capabilities in your views:

@roles(['admin', 'editor'])
<p>You have some elevated role access.</p>
@endroles

Main Features

  • Manage roles and permissions for any actor model (User, Client, etc.)
  • Support for scoped roles via polymorphic roleable models (e.g., specific projects, teams)
  • Support for scoped permissions via polymorphic permissionable models (e.g., specific resources)
  • Define permissions with a fluent API in a similar way you define Laravel routes.
  • Fluent querying and checking with Permissions and Roles helper classes
  • Built-in translation support for role names without external packages
  • Permission hierarchy

You can learn more about this package, get full installation instructions, and view the source code on GitHub.

Learn More

It's important to note that this package is new to the Laravel permissions space and hasn't released a v1.0.0 version yet. Permissions are a critical part of securing your application, so be sure to do your homework when selecting a permissions package.

Historically, Laravel has some well-known packages for managing users that are considered stable and have been around for quite a long time. We compared the Two Best Laravel Packages to Manage Roles/Permissions on Laravel News. Regardless, we share various community-provided packages and leave it up to you to decide what works best for your applications.

Paul Redmond photo

Staff writer at Laravel News. Full stack web developer and author.

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Tinkerwell

Enjoy coding and debugging in an editor designed for fast feedback and quick iterations. It's like a shell for your application – but with multi-line editing, code completion, and more.

Visit Tinkerwell
Laravel Cloud logo

Laravel Cloud

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Cloud
PhpStorm logo

PhpStorm

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

PhpStorm
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit
Harpoon: Next generation time tracking and invoicing logo

Harpoon: Next generation time tracking and invoicing

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Harpoon: Next generation time tracking and invoicing
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $9500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Acquaint Softtech logo

Acquaint Softtech

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

Acquaint Softtech
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift

The latest

View all →
Laravel Quota: Usage Budgets for Calendar Periods image

Laravel Quota: Usage Budgets for Calendar Periods

Read article
Find the Security Vulnerabilities in Your Laravel App with Sensagraph image

Find the Security Vulnerabilities in Your Laravel App with Sensagraph

Read article
Uvora: A macOS Menu Bar App for Finding Laravel Projects image

Uvora: A macOS Menu Bar App for Finding Laravel Projects

Read article
Passwordless Sign-In with Fortify Two-Factor Support in Laravel image

Passwordless Sign-In with Fortify Two-Factor Support in Laravel

Read article
Intercept: Middleware Guardrails for Laravel AI Agents image

Intercept: Middleware Guardrails for Laravel AI Agents

Read article
AI Review for Laravel Upgrades image

AI Review for Laravel Upgrades

Read article