Download the PHP package kirchdev/laravel-pbac without Composer

On this page you can find all versions of the PHP package kirchdev/laravel-pbac. These versions can be downloaded and installed without Composer. Dependencies are resolved automatically.

FAQ

After the download, you have to add one include, require_once('vendor/autoload.php');, and then import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In that case credentials are needed to access them. If a package comes from a private repository, use the auth.json textarea to insert the credentials. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package laravel-pbac

# 🛡️ laravel-pbac

**Policy-based access control for Laravel — roles, permissions, multi-tenant scoping, decision tracing, and native `Gate` integration.**

That's it. Tenant-aware authorization in one line, native Laravel Gate semantics, no manual scope plumbing.

✨ Features

📦 Installation

Publish and run the migrations:

Optionally publish the config:

🚀 Quick start

Add the HasRoles trait to whichever model should be authorizable:

Create roles, attach permissions, assign, check:

🏒 Multi-tenant authorization

Enable organisation scoping:

Scope authorization for the current request:

The decision cache resets on scope enter/exit, so checks never bleed across tenants.

Assigning global roles when org scoping is enabled

To prevent silent mis-targeting, role mutations by name refuse to resolve a global role unless the caller signals intent. Pass `global: true`, or wrap the call in `Pbac::withoutOrganisation()` and assign by `Role` instance:

Inside an active organisation scope, `$user->assignRole('owner')` resolves the org-scoped row only — global rows with the same name are deliberately invisible to mutations without the explicit flag.

Bring your own resolver (e.g. backed by a tenancy package or route binding):

Wire it via pbac.organisation.resolver.

Decision trace

Wondering why a permission check returned what it did? Turn on tracing:

Gate::inspect() carries the decision's reason code via Response::message():

For the human-readable trace, reach for the last decision through the Pbac facade:

Production redacts trace context arrays by default (step names stay; values are stripped). Opt in to the full trace per request when you need it — e.g. for an admin debug route:

🧹 Cascade behaviour on delete

Foreign keys are deliberately set to ON DELETE CASCADE so the indexes never carry stale grants or assignments. Mark this on your operational checklist:

| When you delete… | These rows go away automatically |
| --- | --- |
| A `Role` | All `role_has_permissions` rows for that role + all `model_has_roles` rows. |
| A `Permission` | All `role_has_permissions` rows referencing it. |
| A host model (e.g. `User`) row | Not automatic. `model_has_roles` rows on the morph side are orphaned. |

The host-model side is polymorphic (`model_type` + `model_id`), so no FK enforces it. Hook your model's `deleting`/`deleted` events or run a periodic prune job if user/team deletions are part of your normal flow. If you need an audit trail of historical grants/assignments, capture it before deletion — once the cascade fires, the rows are gone.
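One way to close the host-model gap described above, as an added example that is not code from laravel-pbac: a `deleted` hook plus a prune routine for a scheduled job. It assumes the table and column names given on this page (`model_has_roles`, `model_type`, `model_id`, all overridable through `table_names.*` and `column_names.*`) and that host models share the default database connection; the trait and function names are hypothetical.

```php
<?php
// Added example, not part of laravel-pbac. Table and column names are the
// ones named in the README text; adjust them if config/pbac.php overrides them.

use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\Relation;
use Illuminate\Support\Facades\DB;

// Hypothetical trait: add it to every host model that can hold roles.
trait PrunesRoleAssignmentsOnDelete
{
    protected static function bootPrunesRoleAssignmentsOnDelete(): void
    {
        static::deleted(function (Model $model): void {
            // A soft-deleted row still exists, so keep its assignments.
            if (method_exists($model, 'isForceDeleting') && ! $model->isForceDeleting()) {
                return;
            }
            DB::table('model_has_roles')
                ->where('model_type', $model->getMorphClass())
                ->where('model_id', $model->getKey())
                ->delete();
        });
    }
}

// Hypothetical prune routine: catches rows the hook cannot see, because
// mass deletes through the query builder fire no model events.
function pruneOrphanedRoleAssignments(): int
{
    $removed = 0;
    $types = DB::table('model_has_roles')->distinct()->pluck('model_type');

    foreach ($types as $type) {
        // Resolve morph-map aliases back to a class name.
        $class = Relation::getMorphedModel($type) ?? $type;
        if (! is_subclass_of($class, Model::class)) {
            continue; // unknown morph type: leave for manual review
        }
        $host = new $class;
        // Without scopes, soft-deleted hosts still count as existing.
        $existing = $host->newQueryWithoutScopes()->select($host->getQualifiedKeyName());
        $removed += DB::table('model_has_roles')
            ->where('model_type', $type)
            ->whereNotIn('model_id', $existing)
            ->delete();
    }
    return $removed;
}
```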

⚙️ Configuration highlights

`config/pbac.php` is heavily parameterised — see the file for inline docs. Most common knobs:

| Key | What it controls |
| --- | --- |
| `models.*` | Swap any of the 4 Eloquent models (Role / Permission / RoleAssignment / RolePermission). |
| `table_names.*` | Override defaults if they collide with existing tables. |
| `keys.*` | `id` / `uuid` / `ulid` for primary keys, model morphs, target morphs, org FK. Set before migrations. |
| `column_names.*` | Pivot and morph key column names (handy for UUID setups). |
| `organisation.enabled` / `.resolver` | Toggle multi-tenancy, plug a custom resolver. |
| `gate.fallback_to_laravel_gates` | Whether unmatched abilities fall back to native Laravel gates. |
| `trace.enabled` | Capture per-decision explanations. Redacted in prod by default. |
| `cache.decision_store` | Decision cache backend (`request` by default). |
| `register_octane_reset_listener` | Reset scoped state at Octane worker boundaries. |

Migrating from spatie/laravel-permission

Coming from spatie/laravel-permission? See the dedicated guide for schema, API, and multi-tenancy differences plus a copy-pasteable data-migration script: docs/migration-from-spatie-laravel-permission.md.

🧪 Testing

The test suite runs via Testbench + in-memory SQLite — no host app required.

🀝 Contributing

PRs welcome. Conventional Commits required (enforced via commitlint). Husky runs Pint + Larastan + oxlint + oxfmt on git commit, so you can mostly forget about style.

[!TIP] Run `pnpm check:fix` (Node tooling) and `composer pint:fix` (PHP) before pushing — CI will catch what husky missed.

🛣️ Versioning

Semantic Versioning. Release notes in release-please.

📄 License

IT-Dienstleistungen Titus Kirch


All versions of laravel-pbac with dependencies

Requires:
  • php ^8.4
  • illuminate/auth ^13.0
  • illuminate/contracts ^13.0
  • illuminate/database ^13.0
  • illuminate/events ^13.0
  • illuminate/support ^13.0