laravel-permission
Associate users with roles and permissions
A Laravel package that adds database-backed user roles and permissions to your web app, letting you control who can do what with simple, expressive code compatible with Laravel's built-in authorization.
This package adds a user permission and role system to Laravel, a popular PHP web framework. It lets you store permissions and roles in a database and attach them to users, making it straightforward to control who can do what inside a web application.
The core idea is simple: you can grant a permission directly to a user (for example, "edit articles"), or you can create a role like "writer" and attach the permission to the role, then assign the role to users. Either way, Laravel's standard authorization tools recognize the permission and let you check it with the same built-in methods you would use normally.
Installation follows the standard Laravel package process via Composer, and full documentation covering setup, configuration, and upgrade notes is hosted on the Spatie website. The package has been downloaded millions of times and is widely used in production Laravel applications.
This is an open-source project published by Spatie, a software company based in Antwerp, Belgium. It is free to use under the MIT license. Spatie asks that users who run it in production send a postcard from their hometown as a small token of appreciation, though this is entirely optional.
A handful of alternative packages exist for similar use cases in Laravel, including Bouncer, Laratrust, and Entrust, each taking slightly different approaches to teams, wildcard matching, or structure.
Where it fits
- Add role-based access control to a Laravel app, such as separating admin, editor, and viewer users.
- Grant a specific permission directly to one user without creating a full role for them.
- Check user permissions inside Laravel controllers or Blade templates using standard built-in authorization methods.