Larallow for Laravel is a package for handling roles and permissions with advanced features such as scoped roles, polymorphic relations, translation support, and more. This package helps you manage permission tasks such as creating permissions, assigning/removing them from users, and finally checking those capabilities in your app.
Using this package, you can allow users permissions directly using the allow() method. You can assign permissions to users through a role, as you'd expect in a permissions package:
use App\Models\User;use App\Enums\Permissions\UserPermission; $user = User::find(1); // Using enum$user->allow(UserPermission::ViewClients); // Or using string$user->allow('edit_post'); // Assign a role to a user$role = Role::find($roleId);$user->assignRole($role);On the other side of assigning permissions to users, this package provides the ability to create permissions and even group them:
use EduLazaro\Larallow\Permission; // Simple permission creationPermission::create('manage_offices')->label('Manage Offices'); // Create a permission for many types:Permission::create('manage_offices') ->for([User::class, Client::class]) ->label('Manage Offices'); // Scope a permissionPermission::create('manage_clients') ->for(User::class) ->on(Office::class) ->label('Manage Clients'); // Translate a permissionPermission::create([ UserPermission::ManageOffices->value => __('Manage offices'),])->for(User::class) ->on(Group::class); Permission::create([ UserPermission::ManageClients->value => 'Manage clients', UserPermission::ManageProperties->value => 'Manage properties', UserPermission::ManageDevelopments->value => 'Manage developments', UserPermission::ManageAppointments->value => 'Manage appointments', UserPermission::ManageUsers->value => 'Manage users',])->for(User::class) ->on([ Office::class, Group::class, ]);This package provides various ways to check permissions for an actor and role:
// Check a role$user->hasRole('admin'); // Scoped role$user->hasRole('admin', $scopedModel); // Check if the actor has at least one of the roles$hasRole = Roles::query() ->roles($roleOrRoleIds) ->for($actor) ->on($scopeModel) // Optional scope ->check(); // Check if the actor has all of the roles specified$hasRole = Roles::query() ->roles($roleOrRoleIds) ->for($actor) ->on($scopeModel) // Optional scope ->checkAll();You can check roles in Blade templates using the @roles directive to determine capabilities in your views:
@roles(['admin', 'editor']) <p>You have some elevated role access.</p>@endrolesMain Features
- Manage roles and permissions for any actor model (User, Client, etc.)
- Support for scoped roles via polymorphic roleable models (e.g., specific projects, teams)
- Support for scoped permissions via polymorphic permissionable models (e.g., specific resources)
- Define permissions with a fluent API in a similar way you define Laravel routes.
- Fluent querying and checking with Permissions and Roles helper classes
- Built-in translation support for role names without external packages
- Permission hierarchy
You can learn more about this package, get full installation instructions, and view the source code on GitHub.
Learn More
It's important to note that this package is new to the Laravel permissions space and hasn't released a v1.0.0 version yet. Permissions are a critical part of securing your application, so be sure to do your homework when selecting a permissions package.
Historically, Laravel has some well-known packages for managing users that are considered stable and have been around for quite a long time. We compared the Two Best Laravel Packages to Manage Roles/Permissions on Laravel News. Regardless, we share various community-provided packages and leave it up to you to decide what works best for your applications.
