
A package to add roles and permissions to Laravel

With the release of Laravel 5.1.1 last week, the framework gained some nice authorization features. It provides an easy way to define abilities (aka permissions). Checking if a user has certain abilities is very simple as well. The code powering authorization is a thing of beauty. If you’re a Laracasts subscriber, let Jeffrey Way guide you through the code. In a later lesson he demonstrates how to add role-based authentication.

I’ve used Jeffrey’s code as a base to create a new package called laravel-permission. The package provides an easy way to associate users with roles and permissions.

// adding permissions to a user
$user->givePermissionTo('edit articles');

// adding permissions via a role
$role->givePermissionTo('edit articles');

Saved permissions and roles are also registered with the Illuminate\Auth\Access\Gate class, so permissions can be checked with Laravel’s native can function.

$user->can('edit articles');
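How saved permissions can end up behind a can-style check, shown as an added example that is not the package's own code: a stand-alone PHP 8 model in which MiniGate, Role and User are hypothetical stand-ins for Laravel's Gate and the package's models. Every stored permission is registered as an ability, and an ability that was never registered is denied.

```php
<?php
// Simplified model (assumption): MiniGate, Role and User are hypothetical
// stand-ins, not Laravel's Gate or the package's Eloquent models.
final class MiniGate
{
    private array $abilities = []; // ability name => check callback

    public function define(string $ability, callable $check): void
    {
        $this->abilities[$ability] = $check;
    }

    // Deny by default: an ability that was never registered is refused.
    public function allows(User $user, string $ability): bool
    {
        $check = $this->abilities[$ability] ?? null;
        return $check !== null && $check($user) === true;
    }
}

final class Role
{
    public function __construct(public string $name, public array $permissions = []) {}
}

final class User
{
    public function __construct(public array $permissions = [], public array $roles = []) {}

    // A permission counts if granted directly or through any assigned role.
    public function hasPermissionTo(string $permission): bool
    {
        $granted = $this->permissions;
        foreach ($this->roles as $role) {
            $granted = array_merge($granted, $role->permissions);
        }
        return in_array($permission, $granted, true);
    }
}

// Constructed sample data: register each saved permission as a gate ability.
$gate = new MiniGate();
foreach (['edit articles', 'delete articles'] as $name) {
    $gate->define($name, fn (User $u): bool => $u->hasPermissionTo($name));
}

$writer = new User(roles: [new Role('writer', ['edit articles'])]);
var_dump($gate->allows($writer, 'edit articles'));    // granted via the role
var_dump($gate->allows($writer, 'delete articles'));  // registered, not granted
var_dump($gate->allows($writer, 'publish articles')); // never registered
```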

Take a look at the readme on GitHub to see some more examples on how the package can be used.

Freek Van der Herten is a partner and developer at Spatie, an Antwerp based company that specializes in creating web apps with Laravel. After hours he writes about modern PHP and Laravel on this blog. When not coding he’s probably rehearsing with his kraut rock band. He loves waffles and butterflies.
  • Saqueib

    Thanks for this package, I have a question

    is there a way to use @can blade syntax in view?

    like @can('edit articles') edit link @endcan

    • Saqueib

      Never mind, it's working

  • I couldn’t get this video, https://laracasts.com/series/whats-new-in-laravel-5-1/episodes/16

    Is this compatible with Jeffrey’s way?

  • Mick Byrne

    Any idea how you would store abilities for several applications in one place? I guess a separate db/application?

    • Separate db/app sounds like a good idea

      • Mick Byrne

        Thanks. If it was a separate application, how would the other applications talk to it? Why can’t I find an example anywhere? Surely someone else is doing this?

  • Joao Prado

    Thanks a lot for this package. One question though, I’m new to Laravel, how would I go about listing all the permissions a certain user has?

    I’m creating a panel to control these permissions.

    • Ortwin van Vessem

      You could achieve this like so:

      use App\User;

      $user = User::findOrFail($id);
      return $user->permissions;

      The permissions are eager loaded with the User model. The same goes for the roles.

  • Frank

    How to test if user has one or more roles?
    There are 3 roles: admin, support, staff

    If I want to know if user A has roles admin and staff.

    Trying to use hasAnyRoles but no luck


  • John Connor

    Hi, can @can in Blade be used for multiple permissions, such as @can('Recommend','Approve','Publish')?

    And can I use separate can like below:


    I want to check multiple permission at the role.

    • @can is part of Laravel itself. Here’s the documentation on that directive: https://laravel.com/docs/5.1/authorization#within-blade-templates

      It seems that checking for multiple permissions currently is not possible. I think the easiest way to check if a user has some given permissions is to register a permission at the gate that checks if the user has one of the underlying permissions that you want to check on.

      • John Connor

        Thank you sir for your guide. Here is what I do from your suggestion:

        @if(Gate::check('Recommend') || Gate::check('Approve'))
        url: "{{ url('application/readAll') }}",
        url: "{{ url('application/read') }}",

        It works. Thank you.

  • Satish Reddy

    Hi, how to protect the routes using the permissions with this package? And another question: is there any easy way to build a menu with protected routes?

  • joseph

    Does it work with multi auth in Laravel 5.2?
    Can you give any example with multi auth.

  • Has anyone had success in getting for example User::all(), but sorting them on Role?

  • Nimzy Kevin Maina

    Hi, does this library work with Laravel’s Lumen 5.3 Framework?

  • Hello Mr. Freek,

    Is it already updated to work with Laravel 5.4?


  • Sjoerd

    Hello, how can I check if a user is moderator OR admin (in a blade)?

    • Stanislovas Janonis

      @hasanyrole(['moderator', 'admin'])
      I am either moderator or admin.
      @endhasanyrole

  • Wonderful article and package. I have one query: will this work with the stateless tymon/jwt authentication package? I’m creating REST APIs, so that’s why.

  • Sage

    How do I make this work with a multi-tenant system? I’ve appended tenant_id to the tables but I’m getting a `Spatie\Permission\Exceptions\RoleAlreadyExists` exception.

  • salsan

    Can we make a role which automatically expires after a certain point in time has passed?