1. Go to this page and download the library: Download bspdx/keystone library. Choose the download type you require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use BSPDX\Keystone\Traits\HasKeystone;
/**
 * Application user model with Keystone mixed in.
 *
 * Combines Laravel's Notifiable trait with the package's HasKeystone trait.
 * The role and permission helpers called on a user elsewhere (hasRole(),
 * the role() query scope, ...) presumably come from HasKeystone — confirm
 * against the package source.
 */
class User extends Authenticatable
{
    use Notifiable;
    use HasKeystone;

    // ... rest of your model
}
use App\Models\User;
// role() is presumably a query scope contributed by the HasKeystone trait — confirm against the package.
// All users that hold the 'admin' role.
$admins = User::role('admin')->get();
// NOTE(review): an array argument presumably matches users holding ANY of the listed roles
// (not all of them) — verify before using the result for an access decision.
$staff = User::role(['admin', 'manager'])->get();
namespace App\Http\Controllers;
use BSPDX\Keystone\Services\Contracts\RoleServiceInterface;
use BSPDX\Keystone\Services\Contracts\PermissionServiceInterface;
use BSPDX\Keystone\Services\Contracts\AuthorizationServiceInterface;
use BSPDX\Keystone\Services\Contracts\PasskeyServiceInterface;
/**
 * Example admin controller wired to Keystone's service contracts.
 *
 * The three services are constructor-injected and kept as private promoted
 * properties.
 *
 * NOTE(review): assignRole() grants the 'admin' role and contains no check on
 * the caller. Nothing here shows how its route is registered, so make sure it
 * is only reachable behind a guard such as the ['auth', 'role:admin']
 * middleware.
 */
class AdminController extends Controller
{
    public function __construct(
        private RoleServiceInterface $roleService,
        private PermissionServiceInterface $permissionService,
        private AuthorizationServiceInterface $authService,
    ) {
    }

    /**
     * Demonstrates listing roles, assigning roles to a user and checking a role.
     *
     * @param User $user Account that receives the roles.
     */
    public function assignRole(User $user)
    {
        // Every role together with its permissions (not used further; shown for the API).
        $rolesWithPermissions = $this->roleService->getAllWithPermissions();

        // Grants both roles to $user. The list is fixed in this example; in real code
        // take it from validated input and restrict who may hand out 'admin'.
        $this->authService->assignRolesToUser($user, ['admin', 'editor']);

        // Role lookup through the service rather than a helper on the model.
        $isAdmin = $this->authService->userHasRole($user, 'admin');
        if ($isAdmin) {
            // User is admin
        }
    }
}
// Include in your routes/web.php
// Include in your routes/api.php
// 'auth' is listed before the role/permission middleware so that check runs
// against an authenticated user.
Route::middleware(['auth', 'role:admin'])->group(function () {
// Only users with 'admin' role can access
});
// Multiple roles (OR logic)
// NOTE(review): every role added to the comma-separated list widens access —
// holding any one of them is enough.
Route::middleware(['auth', 'role:admin,editor'])->group(function () {
// Users with 'admin' OR 'editor' role can access
});
// Gate the group on a single permission instead of a role.
Route::middleware(['auth', 'permission:edit-posts'])->group(function () {
// Only users with 'edit-posts' permission
});
// Multiple permissions
// NOTE(review): this is an OR check as well. A route that needs BOTH permissions
// presumably has to list two separate 'permission:' entries — confirm with the
// package documentation.
Route::middleware(['auth', 'permission:edit-posts,publish-posts'])->group(function () {
// Users with either permission can access
});
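Route::middleware(['auth', '2fa'])->group(function () {
    // Ensures users with ... (this comment is cut off in the source; check the
    // package documentation for exactly what the '2fa' middleware enforces)
});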
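// auth()->user() returns null when nobody is logged in. The nullsafe operator
// (?->) turns that case into a failed check instead of a fatal "member function
// on null" error, so each snippet denies by default outside 'auth'-protected code.

// Check role
if (auth()->user()?->hasRole('admin')) {
    // User is an admin
}

// Check permission
// NOTE(review): can() is Laravel's gate check; presumably Keystone registers its
// permissions with the gate — confirm.
if (auth()->user()?->can('edit-posts')) {
    // User can edit posts
}

// Check multiple roles
if (auth()->user()?->hasAnyRole(['admin', 'editor'])) {
    // User has at least one of these roles
}

// Super admin check
// NOTE(review): a super admin skips every permission check, so keep the number of
// such accounts small and review who holds the flag.
if (auth()->user()?->isSuperAdmin()) {
    // User is super admin (bypasses all permission checks)
}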
use BSPDX\Keystone\Services\Contracts\AuthorizationServiceInterface;
/**
 * Example controller that checks a permission through the injected
 * authorization service instead of a helper on the user model.
 */
class PostController extends Controller
{
    public function __construct(
        private AuthorizationServiceInterface $authService,
    ) {
    }

    /**
     * Shows the permission check that guards editing.
     *
     * NOTE(review): the example has no denial path — when the check fails the
     * method simply falls through. Real code should stop the request (for
     * example with a 403 response) in that case.
     *
     * @param Post $post Post being edited (not used by the check itself).
     */
    public function edit(Post $post)
    {
        // Null for an unauthenticated request; how userHasPermission() treats null is
        // not shown here, so keep this action behind the 'auth' middleware.
        $currentUser = auth()->user();
        $mayEdit = $this->authService->userHasPermission($currentUser, 'edit-posts');

        if ($mayEdit) {
            // User can edit posts
        }
    }
}
use BSPDX\Keystone\Models\KeystoneRole;
// Create a global role accessible to all tenants
// NOTE(review): withoutTenant() presumably lifts the tenant scope for this query.
// Call it only from trusted code paths (seeders, console commands, super-admin
// tooling), never with attributes taken from a tenant user's request.
$superAdmin = KeystoneRole::withoutTenant()->create([
'name' => 'super_administrator',
'title' => 'Super Administrator',
'tenant_id' => null, // Global role
]);
// tenant_id is auto-populated from authenticated user
// Auth::login() only sets up the example: it makes $userInTenantA the
// authenticated user whose tenant is picked up by the create() call below.
Auth::login($userInTenantA);
$manager = KeystoneRole::create([
'name' => 'department_manager',
'title' => 'Department Manager',
// tenant_id automatically set from auth()->user()->tenant_id
]);
// View all roles across all tenants
// NOTE(review): the result crosses tenant boundaries — do not return it to a
// tenant-scoped user.
$allRoles = KeystoneRole::withoutTenant()->get();
// Check if user can bypass tenant filtering
// $user is not defined in this snippet; it stands for the account being checked.
if ($user->canBypassPermissions()) {
// User is super-admin
}
namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
use BSPDX\Keystone\Traits\HasKeystone;
/**
 * Minimal user model for a Keystone-enabled application.
 *
 * NOTE(review): $fillable is the mass-assignment allow-list. Keep it to profile
 * fields like the ones below; adding tenant_id or any role/permission attribute
 * would let request input passed to create()/update() set it.
 */
class User extends Authenticatable
{
    use HasKeystone;

    protected $fillable = [
        'name',
        'email',
        'password',
    ];
}
// routes/web.php
// Serves the login form. The route is named 'login' — presumably so Laravel's
// auth middleware can redirect unauthenticated visitors here; confirm for your app.
Route::get('/login', fn () => view('auth.login'))->name('login');
// Include Keystone routes