Download the PHP package laraarabdev/filament-gatekeeper without Composer
On this page you can find all versions of the php package laraarabdev/filament-gatekeeper. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download laraarabdev/filament-gatekeeper
More information about laraarabdev/filament-gatekeeper
Files in laraarabdev/filament-gatekeeper
Package filament-gatekeeper
Short Description Advanced Role and Permission management for Laravel Filament with Spatie Permission integration, multi-guard support, HMVC modules, and performance caching.
License MIT
Homepage https://github.com/laraarabdev/filament-gatekeeper
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package filament-gatekeeper
[](https://packagist.org/packages/laraarabdev/filament-gatekeeper) [](https://packagist.org/packages/laraarabdev/filament-gatekeeper) [](https://packagist.org/packages/laraarabdev/filament-gatekeeper) [](https://github.com/LaraArabDev/filament-gatekeeper/actions/workflows/tests.yml) [](https://codecov.io/gh/laraarabdev/filament-gatekeeper) [](https://github.com/LaraArabDev/filament-gatekeeper/actions/workflows/static-analysis.yml) [](https://github.com/LaraArabDev/filament-gatekeeper/actions/workflows/security.yml) [](https://github.com/LaraArabDev/filament-gatekeeper/actions/workflows/mutation-testing.yml) [](https://github.com/LaraArabDev/filament-gatekeeper/actions/workflows/code-style.yml) [](https://php.net) [](https://laravel.com) [](https://filamentphp.com) **Granular role & permission management for Laravel Filament 5.x — built to give you full control over every layer of your app with minimal setup.**
Filament Gatekeeper lets you control and customize who sees and does what across your entire application — Filament resources, form fields, table columns, pages, widgets, relation managers, and API responses — all from one place.
Then assign permissions to roles in the UI — no code changes needed.
What you can control:
- Resource access (view, create, edit, delete, restore...)
- Individual form fields — visible or editable per role
- Table columns — hide sensitive data by role
- Custom actions, widgets, pages, and relation managers
- API responses — filter fields and relations per role
- Multi-guard support (web + API)
- Super admin role that bypasses all checks
Table of Contents
- Features
- Requirements
- Installation
- Quick Start
- Configuration
- Default Setup Options
- Usage
- Auto-Discovery (Field & Column Detection)
- Permission Management
- API Permissions
- Commands
- Quick Reference
- Contributing
- License
Features
Filament Admin Panel | |
| Resource Permissions | Full CRUD + restore, force delete, replicate, reorder |
| Field Permissions | Control form field visibility and editability |
| Column Permissions | Control table column visibility |
| Action Permissions | Control custom action execution |
| Page Permissions | Control page access |
| Widget Permissions | Control widget visibility |
| Relation Permissions | Control relation manager access |
API & Backend | |
| API Middleware | Route-level permission checking |
| Controller Traits | Easy permission checks in controllers |
| API Resource Permissions | Field/relation visibility in JSON responses |
| Model Permissions | Permissions for models without Filament resources |
System Features | |
| Super Admin Bypass | Configurable super admin role that bypasses all checks |
| Multi-Guard Support | Web, API, and custom guards with auto-detection |
| HMVC Module Support | Works with nwidart/laravel-modules |
| Performance Caching | Cached permission matrix for fast lookups |
| Auto-Discovery | Automatically detect fields & columns from 4 different sources |
| Localization | 18 languages out of the box |
Supported Languages: English, Arabic, French, Spanish, Portuguese, German, Italian, Dutch, Russian, Chinese, Japanese, Korean, Indonesian, Polish, Hindi, Ukrainian, Turkish, Persian
Requirements
- PHP 8.2, 8.3, or 8.4
- Laravel 11.x or 12.x
- Filament 5.x (latest: 5.6.3)
- Spatie Laravel Permission 6.x (must be installed and configured)
Compatibility Matrix
| Filament | Laravel 11 | Laravel 12 |
|---|---|---|
| 5.6.x (latest stable) | PHP 8.2, 8.3, 8.4 | PHP 8.2, 8.3, 8.4 |
| ^5.0 (any 5.x) | PHP 8.2, 8.3, 8.4 | PHP 8.2, 8.3, 8.4 |
All combinations are verified in CI on every push.
Installation
The install command publishes the config, migrations, and updates config/permission.php automatically.
Quick Start
1. Register the Plugin
In your Filament Panel Provider (app/Providers/Filament/AdminPanelProvider.php):
2. Add HasRoles to User Model
Option A: Extend Base Class (Recommended)
Option B: Use Trait Manually
3. Apply Permissions to Resources
Option A: Extend Base Class (Recommended)
Option B: Use Traits
4. Sync Permissions
Or use the dashboard action in the Role Resource.
5. Assign Roles to Users
Navigate to the Roles page in your Filament panel, assign permissions to roles, then assign roles to users.
Configuration
The configuration file is located at config/gatekeeper.php. Key settings:
Default Setup Options
All options are in config/gatekeeper.php. Below is a complete reference of every available setting.
Super Admin
| Key | Default | Description |
|---|---|---|
super_admin.enabled |
true |
Enable super admin bypass for all permission checks |
super_admin.role |
'super-admin' |
Role name that bypasses all checks |
Guards
| Key | Default | Options | Description |
|---|---|---|---|
guard |
'web' |
'web', 'api', any guard name |
Default guard used for permission checks |
guards.web.enabled |
true |
true, false |
Enable web guard |
guards.web.provider |
'users' |
Any auth provider | User provider for web guard |
guards.api.enabled |
true |
true, false |
Enable API guard |
guards.api.provider |
'users' |
Any auth provider | User provider for API guard |
Discovery Paths
| Key | Default | Description |
|---|---|---|
discovery.discover_models |
false |
Auto-discover API-only models (no Filament resource) |
discovery.models |
['app/Models'] |
Paths to scan for models |
discovery.resources |
['app/Filament/Resources', 'app/Filament/*/Resources'] |
Paths to scan for Filament resources |
discovery.pages |
['app/Filament/Pages', 'app/Filament/*/Pages'] |
Paths to scan for Filament pages |
discovery.widgets |
['app/Filament/Widgets', 'app/Filament/*/Widgets'] |
Paths to scan for Filament widgets |
HMVC Modules (nwidart/laravel-modules)
| Key | Default | Description |
|---|---|---|
modules.enabled |
false |
Enable module discovery |
modules.namespace |
'Modules' |
Root namespace for modules |
modules.path |
base_path('Modules') |
Root path for modules |
modules.discovery_paths.models |
'{module}/Models' |
Model path pattern inside each module |
modules.discovery_paths.resources |
'{module}/Filament/Resources' |
Resource path pattern |
modules.discovery_paths.pages |
'{module}/Filament/Pages' |
Page path pattern |
modules.discovery_paths.widgets |
'{module}/Filament/Widgets' |
Widget path pattern |
Navigation
| Key | Default | Description |
|---|---|---|
navigation.group |
'Access Control' |
Sidebar group for Gatekeeper resources |
navigation.icon |
'heroicon-o-shield-check' |
Icon for navigation items |
navigation.sort |
1 |
Sort order within the navigation group |
Cache
| Key | Default | Description |
|---|---|---|
cache.enabled |
true |
Enable permission caching |
cache.driver |
null |
Cache driver (null = default app driver) |
cache.prefix |
'gatekeeper' |
Cache key prefix |
cache.ttl |
3600 |
Cache TTL in seconds (1 hour) |
cache.tags |
['gatekeeper'] |
Cache tags (requires tagged driver like Redis) |
Permission Generator
| Key | Default | Options | Description |
|---|---|---|---|
generator.snake_case |
true |
true, false |
Use snake_case names (view_any_user vs viewAnyUser) |
generator.separator |
'_' |
Any string | Separator between permission parts |
generator.include_guard |
false |
true, false |
Append guard name to permission (e.g. view_any_user_web) |
Exclusion Lists
| Key | Default | Description |
|---|---|---|
excluded_models |
[] |
Models to skip during permission discovery |
excluded_resources |
[] |
Filament resources to skip |
excluded_pages |
[] |
Filament pages to skip |
excluded_widgets |
[] |
Filament widgets to skip |
Usage
Resource Permissions
When using HasResourcePermissions trait or extending GatekeeperResource, these methods are automatically implemented:
| Method | Description |
|---|---|
canViewAny() |
Check if user can view any records |
canView($record) |
Check if user can view a specific record |
canCreate() |
Check if user can create records |
canEdit($record) |
Check if user can edit a record |
canDelete($record) |
Check if user can delete a record |
canRestore($record) |
Check if user can restore a record |
canForceDelete($record) |
Check if user can force delete a record |
canReplicate($record) |
Check if user can replicate a record |
canReorder() |
Check if user can reorder records |
Generated permissions: view_any_user, view_user, create_user, update_user, delete_user, restore_user, force_delete_user, replicate_user, reorder_user
Field Permissions
Control visibility and editability of form fields:
Generated permissions: view_field_user_email, update_field_user_email, view_field_user_salary, update_field_user_salary
Column Permissions
Control table column visibility:
Generated permissions: view_column_user_email, view_column_user_salary
Action Permissions
Control custom action execution:
Generated permissions: execute_user_export_action
Page Permissions
Control access to custom Filament pages:
Generated permissions: view_settings_page
Widget Permissions
Control widget visibility:
Generated permissions: view_stats_overview_widget
Relation Permissions
Control access to relation managers:
Generated permissions: view_relation_user_roles, view_relation_user_posts
Auto-Discovery — Field & Column Detection
Filament Gatekeeper can automatically discover which fields and columns need permissions, so you don't have to list them manually. Discovery is configured separately for fields (form inputs) and columns (table display).
Key concept: When you enable discovery, Gatekeeper scans your application using one or more sources and generates permissions for every discovered field/column. You control which sources are used, what order they're checked, and which fields/columns to exclude.
How It Works
When multiple sources are configured, results from all sources are merged and deduplicated — you will never get duplicate permissions even if the same field appears in multiple sources.
Field Discovery
Field discovery detects form fields that should have view and update permissions.
Available Sources
| Source | How It Works | Best For |
|---|---|---|
fillable |
Reads the model's `$fillable` property via reflection — no database connection or model instantiation needed. | **Recommended default.** Fast, predictable, and only includes fields you've explicitly marked as fillable in your model. |
database |
Queries the database schema using `Schema::getColumnListing()` to get every column from the model's table. | Full coverage of all database columns. Use when you want permissions for every column, not just fillable ones. Pair with exclusions to filter out system columns. |
resource |
Parses the PHP source code of the Filament Resource's `form()` method. Detects field names from calls like `TextInput::make('name')`, `Select::make('role')`, `DatePicker::make('birth_date')`, etc. | Matches permissions exactly to your Filament form definition. Only fields that actually appear in the UI get permissions. |
config |
Reads from the `field_permissions` array in `config/gatekeeper.php`. Supports a global `'*'` key that applies to all models. | Full manual control. Use when you want to explicitly list every field per model. Useful as an override alongside other sources. |
Source Combinations
You can combine multiple sources. Results are merged and deduplicated automatically.
Deduplication: If
$fillableandfield_permissionsconfig, it only generates one set of permissions — never duplicates.
Excluding Fields
Control which fields are excluded from discovery at three levels:
| Level | Key | Scope |
|---|---|---|
| Default | default_excluded |
Removed from all models — system fields like id, created_at |
| Global | excluded.* |
Removed from all models — sensitive fields like password |
| Per-model | excluded.ModelName |
Removed from a specific model only |
All three levels are combined before filtering. A field excluded at any level will not get permissions.
Sensitive Field Detection
Gatekeeper can flag fields as sensitive based on name patterns. This is used for reporting and UI indicators, not for blocking discovery.
A field is considered sensitive if its name contains any of these patterns (case-insensitive). For example, user_password_hash matches password.
Manual Field Permissions (No Discovery)
If you prefer full manual control, keep discovery disabled and list fields explicitly:
*Global `
key:** Fields listed under'*'` are merged into every model's field list. Duplicates are automatically removed.
Generated Permission Names
For each discovered field, Gatekeeper generates permissions using these prefixes:
| Prefix | Permission Name | Purpose |
|---|---|---|
view |
view_{model}_{field}_field |
Can the user see this field? |
update |
update_{model}_{field}_field |
Can the user edit this field? |
Example: For User model with field salary:
view_user_salary_fieldupdate_user_salary_field
Column Discovery
Column discovery detects table columns that should have view permissions.
Available Sources
| Source | How It Works | Best For |
|---|---|---|
database |
Queries the database schema using `Schema::getColumnListing()` to get every column from the model's table. | **Recommended default.** Full coverage of all displayable columns. Pair with exclusions to filter out sensitive data. |
resource |
Parses the PHP source code of the Filament Resource's `table()` method. Detects column names from calls like `TextColumn::make('name')`, `BadgeColumn::make('status')`, `BooleanColumn::make('is_active')`, etc. Handles dot-notation like `user.name` (extracts `user`). | Matches permissions exactly to your Filament table definition. Only columns that actually appear in the UI get permissions. |
config |
Reads from the `column_permissions` array in `config/gatekeeper.php`. Supports a global `'*'` key that applies to all models. | Full manual control. Use when you want to explicitly list every column per model. |
Note: Column discovery does not have a
fillablesource, because table columns are read-only and$fillableonly applies to writable attributes.
Source Combinations
Deduplication: Same as fields — if a column appears in multiple sources, it only generates one permission.
Excluding Columns
Control which columns are excluded from discovery at three levels:
| Level | Key | Scope |
|---|---|---|
| Default | default_excluded |
Removed from all models — sensitive columns like password |
| Global | excluded.* |
Removed from all models — your custom global exclusions |
| Per-model | excluded.ModelName |
Removed from a specific model only |
Sensitive Column Detection
Manual Column Permissions (No Discovery)
Generated Permission Names
For each discovered column, Gatekeeper generates permissions using this prefix:
| Prefix | Permission Name | Purpose |
|---|---|---|
view |
view_{model}_{column}_column |
Can the user see this column? |
Example: For User model with column salary:
view_user_salary_column
Field vs Column Discovery Comparison
| Feature | Field Discovery | Column Discovery |
|---|---|---|
| Available sources | fillable, database, resource, config |
database, resource, config |
| Default sources | ['fillable'] |
['config', 'database'] |
| Permission prefixes | view, update |
view |
| Permission suffix | _field |
_column |
Supports fillable source |
Yes | No |
| *Supports `` global key** | Yes | Yes |
| Deduplication | Yes | Yes |
| Exclusions | 3 levels | 3 levels |
| Sensitive detection | Yes | Yes |
Sync Commands for Discovery
Permission Management
Delete Permissions
Sync Permissions
API Permissions
Middleware
Single permission check:
Auto CRUD permissions:
Register middleware in bootstrap/app.php (Laravel 11+):
Controller Permissions
There are four ways to handle permissions in controllers — choose the approach that fits your needs.
Option 1: Route-Level Middleware (Recommended)
Zero controller code — apply gatekeeper.resource:ModelName on your apiResource route:
Auto-mapping:
| HTTP Method | URL | Permission Checked |
|---|---|---|
GET |
/users |
view_any_user |
GET |
/users/{id} |
view_user |
POST |
/users |
create_user |
PUT / PATCH |
/users/{id} |
update_user |
DELETE |
/users/{id} |
delete_user |
Your controller stays completely clean:
Option 2: Constructor-Level Middleware
Use $this->middleware() in the constructor to apply permissions once for the whole controller:
Option 3: Per-Route Middleware
Use gatekeeper.api:permission directly on individual routes for custom or non-standard routes:
Option 4: Per-Method (Manual Trait)
Use HasApiPermissions trait for full control inside each method:
Available trait methods:
| Method | Permission Checked |
|---|---|
$this->authorizeIndex() |
view_any_{model} |
$this->authorizeShow($model) |
view_{model} |
$this->authorizeStore() |
create_{model} |
$this->authorizeUpdate($model) |
update_{model} |
$this->authorizeDestroy($model) |
delete_{model} |
$this->authorizeRestore($model) |
restore_{model} |
$this->authorizeForceDelete($model) |
force_delete_{model} |
$this->authorizePermission('custom_perm') |
Any custom permission |
$this->canIndex() |
Returns bool for view_any_{model} |
$this->canStore() |
Returns bool for create_{model} |
$this->canPerform('action', $model) |
Returns bool for any action |
$this->canViewField('field') |
Returns bool for field visibility |
$this->canUpdateField('field') |
Returns bool for field editability |
$this->canViewColumn('column') |
Returns bool for column visibility |
$this->canExecuteAction('action') |
Returns bool for custom action |
$this->getVisibleFields() |
Returns array of allowed fields |
$this->getVisibleColumns() |
Returns array of allowed columns |
$this->filterByPermissions($model) |
Returns model data filtered by field permissions |
Choosing an approach:
| Approach | When to use |
|---|---|
Route middleware (gatekeeper.resource) |
Standard apiResource routes — cleanest, no controller code |
| Constructor middleware | Non-resourceful controllers or explicit per-method mapping in one place |
Per-route middleware (gatekeeper.api) |
Custom/non-standard routes with specific permissions |
| Trait per-method | When you need conditional logic, model-instance checks, or field/column filtering |
API Resources
Gatekeeper Facade
Commands
| Command | Description |
|---|---|
gatekeeper:install |
Run complete installation |
gatekeeper:sync |
Synchronize all permissions |
gatekeeper:delete |
Delete field/column/model permissions |
gatekeeper:clear-cache |
Clear permission cache |
Creating Resources, Pages & Widgets
Filament Gatekeeper does not ship its own make commands. Use Filament's built-in commands after publishing Gatekeeper's stubs so generated classes include Gatekeeper permissions:
1. Publish stubs (once):
2. Create with Filament / Laravel:
| Command | Stub Used | Result |
|---|---|---|
php artisan make:filament-resource ModelName |
stubs/filament/Resource.stub |
Extends GatekeeperResource |
php artisan make:filament-page YourPage |
stubs/filament/Page.stub |
Adds HasPagePermissions |
php artisan make:filament-widget WidgetName |
stubs/filament/Widget.stub |
Adds HasWidgetPermissions |
Quick Reference
Permission Types
| Type | Description | Example |
|---|---|---|
resource |
Filament resource CRUD | view_any_user |
page |
Filament custom pages | view_settings_page |
widget |
Filament widgets | view_stats_overview_widget |
field |
Form field access | view_field_user_email |
column |
Table column access | view_column_user_salary |
action |
Custom actions | execute_user_export_action |
relation |
Relation managers | view_relation_user_roles |
model |
API-only models | view_product |
Traits Reference
| Trait | Purpose |
|---|---|
HasResourcePermissions |
Resource CRUD permissions |
HasFieldPermissions |
Form field permissions |
HasColumnPermissions |
Table column permissions |
HasActionPermissions |
Custom action permissions |
HasRelationPermissions |
Relation manager permissions |
HasPagePermissions |
Page access permissions |
HasWidgetPermissions |
Widget visibility permissions |
HasApiPermissions |
Controller permission helpers |
Base Classes
| Class | Extends | Purpose |
|---|---|---|
GatekeeperResource |
Filament\Resources\Resource |
Resources with permissions |
GatekeeperPage |
Filament\Pages\Page |
Pages with permissions |
GatekeeperWidget |
Filament\Widgets\Widget |
Widgets with permissions |
GatekeeperAuthenticatable |
Authenticatable |
User model with HasRoles |
GatekeeperApiResource |
JsonResource |
API resources with permissions |
Middleware
| Middleware | Alias | Purpose |
|---|---|---|
GatekeeperApiMiddleware |
gatekeeper.api |
Single permission check |
GatekeeperResourceMiddleware |
gatekeeper.resource |
Auto CRUD permissions |
Contributing
Please see DEVELOPMENT.md for details on package architecture, development setup, and contribution guidelines.
Security
If you discover any security-related issues, please email [email protected] instead of using the issue tracker.
Credits
- LaraArabDev
- All Contributors
License
The MIT License (MIT). Please see the License File for more information.
All versions of filament-gatekeeper with dependencies
filament/filament Version ^5.0
illuminate/contracts Version ^11.0|^12.0
spatie/laravel-package-tools Version ^1.15
spatie/laravel-permission Version ^6.0|^7.0