
A RBAC package for Laravel.

v2.0.0 2020-06-17 18:31 UTC

This package is auto-updated.

Last update: 2025-02-18 04:33:27 UTC


English | 中文

Laravel RBAC

This package helps you to manage permissions and roles.


You may install this package via Composer:

composer require huang-yi/laravel-rbac

Next, you should publish configuration and migration files using the vendor:publish Artisan command:

php artisan vendor:publish --provider="HuangYi\Rbac\RbacServiceProvider"

Finally, you should run your database migrations:

php artisan migrate


  • user: The user model class you are using.
  • database:
    • connection: The database connection for RBAC tables.
    • prefix: The common prefix for RBAC tables.
  • cache: The cache switch.


Your User model must be configured to rbac.user option. It should implement the HuangYi\Rbac\Contracts\Authorizable interface and use the HuangYi\Rbac\Concerns\Authorizable trait.

namespace App;

use HuangYi\Rbac\Concerns\Authorizable;
use HuangYi\Rbac\Contracts\Authorizable as AuthorizableContract;

class User extends Authenticatable implement AuthorizableContract
    use Authorizable, Notifiable;

Store a permission to database:

use HuangYi\Rbac\Permission;

Permission::make('edit post');

Store a role to database:

use HuangYi\Rbac\Role;

Permission::make('personnel manager');

Attach or detach permissions to role:




Attach or detach roles to user:




Attach or detach permissions to user:




Determine if the user has roles:


$user->hasRoles(['author', 'personnel manager']);

$user->hasAnyRoles(['author', 'personnel manager']);

Determine if the user has permissions:

$user->hasPermission('create post');

$user->hasPermissions(['create post', 'edit post']);

$user->hasAnyPermissions(['create post', 'edit post']);

// this is similar to hasAnyPermissions
$user->can('edit post|edit post');

Super Admin

You may register a callback for determining if the user is a super admin by using Rbac::checkSuperAdminUsing() method:

namespace App\Providers;

use HuangYi\Rbac\Rbac;
use Illuminate\Support\ServiceProvider;

class AuthServiceProvider extends ServiceProvider
    public function boot()
        Rbac::checkSuperAdminUsing(function ($user) {
            return in_array($user->email, ['']);


// role middleware
Route::get('admin/staffs', [StaffController::class, 'index'])->middleware('role:personnel manager|vice president');

// permission middleware
Route::post('post/{post}', [PostController::class, 'update'])->middleware('permission:create post|edit post');

// this is similar to 'permission' middleware
Route::post('post/{post}', [PostController::class, 'update'])->middleware('can:create post|edit post');

Blade Directives

Role directives:

  • @role, @elserole, @endrolehasRole
  • @roles, @elseroles, @endroleshasRoles
  • @anyroles, @elseanyroles, @endanyroleshasAnyRoles

Permission directives:

  • @permission, @elsepermission, @endpermissionhasPermission
  • @permissions, @elsepermissions, @endpermissionshasPermissions
  • @anypermissions, @elseanypermissions, @endanypermissionshasAnyPermissions


composer test


This package is open-sourced software licensed under the MIT license.