Download the PHP package curly-deni/laravel-permission-controller without Composer
On this page you can find all versions of the php package curly-deni/laravel-permission-controller. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download curly-deni/laravel-permission-controller
More information about curly-deni/laravel-permission-controller
Files in curly-deni/laravel-permission-controller
Package laravel-permission-controller
Short Description A Laravel package that observes model events and automatically enforces create, update, and delete permissions based on policies.
License MIT
Homepage https://github.com/curly-deni/laravel-permission-controller
Informations about the package laravel-permission-controller
Laravel Permission Controller
Permission Controller is a lightweight Laravel package that automatically enforces create
, update
, delete
, and optionally read
permissions at the model level based on your policy methods. It streamlines permission handling and improves application security with minimal setup.
Features
- 🛡️ Automatic permission checks for
create
,update
,delete
, and optionalread
actions. - ⚡ Seamless integration with Laravel’s native authorization system (policies).
- ⚙️ Highly configurable — control enabled actions and exception behavior per action.
- 🧩 Simple trait-based integration for Eloquent models.
- 📚 Clean, modular, and extendable architecture.
Installation
Install the package via Composer:
Publish the configuration file:
Configuration
The published configuration file config/permission-controller.php
looks like this:
Configuration options:
read_scope
: The scope class applied to model queries to restrict access based onread
permissions.observer
: The observer class that enforces permission checks on model events (creating
,updating
,deleting
).
Per-action settings (create
, update
, delete
, read
):
enable
: Enable or disable permission enforcement for the specific action.exception
: Exception class to throw when permission is denied (ifthrow_exception
istrue
).throw_exception
: Iftrue
, the package will throw an exception; otherwise, the action will simply not proceed.
If exceptions are enabled, these exception classes are used:
Action | Exception Class |
---|---|
Create | Aesis\PermissionController\Exceptions\CreateModelForbidden |
Update | Aesis\PermissionController\Exceptions\UpdateModelForbidden |
Delete | Aesis\PermissionController\Exceptions\DeleteModelForbidden |
Read | Aesis\PermissionController\Exceptions\ReadModelForbidden |
Tip: You can override the exception classes to provide custom messages, error codes, or even logging.
Usage
1. Add the Trait to Your Models
Include the HasPermissionController
trait in any Eloquent model you want to protect:
2. Define Policy Methods
You must implement policy methods only for the actions that are enabled in the configuration:
- If
'create'
is enabled, implement acreate(User $user)
method. - If
'update'
is enabled, implement anupdate(User $user, Model $model)
method. - If
'delete'
is enabled, implement adelete(User $user, Model $model)
method. - If
'read'
is enabled, implement aread(User $user)
method (without passing the model instance).
Example for a PostPolicy
:
Important:
Theread
method only accepts theUser
object — no model instance is passed.
Credits
- Danila Mikhalev
- All Contributors
License
The MIT License (MIT). Please see License File for more information.
All versions of laravel-permission-controller with dependencies
illuminate/auth Version ^10.0||^11.0||^12.0
illuminate/contracts Version ^10.0||^11.0||^12.0
illuminate/support Version ^10.0||^11.0||^12.0
spatie/laravel-package-tools Version ^1.16