PHP download

Download the PHP package modularize-rbac/laravel without Composer

On this page you can find all versions of the php package modularize-rbac/laravel. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download modularize-rbac/laravel
More information about modularize-rbac/laravel
Files in modularize-rbac/laravel

Vendor modularize-rbac
Package laravel
Short Description Laravel bridge for modularize-rbac/core: Eloquent repositories, HTTP controllers, migrations, and optional Spatie permissions adapter.
License MIT

Keywords i18n modules laravel roles permissions rbac access-control spatie

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of modularize-rbac/laravel

Informations about the package laravel

modularize-rbac/laravel

Laravel bridge for modularize-rbac/core. Ships Eloquent repositories, HTTP controllers, FormRequests, migrations, an audit log pipeline, console commands, and an optional Spatie permission adapter.

What v2.0 ships

A drop-in admin RBAC layer with:

Modules — feature catalog with hierarchy, soft-delete, sort order, i18n.
Roles — guard-scoped, tenant-aware, level-ordered, system-flag protected.
Permissions — {slug}.{action} names, package-owned (Spatie is optional).
Role × Module matrix — flag-based UI translated to action names by a domain service.
Languages + Translations — polymorphic translations with locale fallback.
REST API — /api/admin/modules, /roles, /languages, /audit.
Audit log — every domain event is auto-persisted to access_audit_log.
HasAccessPermissions trait — drop on your User to make $user->can('events.view') work without Spatie.
AccessAdminPolicy — turn-key Gate::before for the package's admin.* abilities.
Console commands — access:diagnose, access:sync-spatie, access:audit.
Spatie integration is opt-in — the package works whether or not spatie/laravel-permission is installed.

Architecture

Quickstart

From a fresh Laravel 11 / 12 host to a first authorized request in roughly five minutes.

1. Install

The seeder demonstrates the canonical flow (CreateModule → CreateRole → SyncRoleModules use-cases) and creates three modules + admin/viewer roles wired up correctly. Edit it to match your app, or read it as documentation and write your own.

2. Wire the User model

3. Seed a module, a role, and a binding

4. Use it

5. (Optional) Hit the admin API

The admin REST surface lives under config('access.route_prefix') (default api/admin). With a bearer token whose User has admin.modules.view:

That's the full path. The rest of this README is configuration knobs, the full REST table, and architecture details.

Install

Edit config/access.php and point tenant_model at your tenant class or leave null for single-tenant setups.

Host wiring

`config/auth.php`

Define the admin guard the package defaults to:

`HasAccessPermissions` on your User

Provides:

$user->rbacRoles() BelongsToMany via the role_user pivot
$user->canAccess('events.view') — direct lookup against the package schema

The AccessServiceProvider registers Gate::before so $user->can('events.view') works through Laravel's normal authorization flow.

Tenant context (optional)

Multi-tenant hosts bind the current tenant id in the container from their tenant-resolution middleware:

TenantContext::currentTenantId() reads this value. Single-tenant hosts never bind the key.

Spatie integration (optional)

spatie/laravel-permission is in suggest since v2.0. Install it alongside if you want role_has_permissions kept in sync (so Spatie's HasRoles trait keeps working on a different User model):

REST API

All routes under config('access.route_prefix') (default api/admin):

Method	URL	Action
GET	/modules	List modules
POST	/modules	Create
GET	/modules/{id}	Show
PUT	/modules/{id}	Update
DELETE	/modules/{id}	Soft delete
GET	/roles	List roles
GET	/roles/{id}	Show + matrix
PUT	/roles/{id}	Update display_name + translations
PUT	/roles/{id}/modules	Sync the role's permission matrix
GET	/languages	List
POST	/languages	Create
GET	/languages/{id}	Show
PUT	/languages/{id}	Update
DELETE	/languages/{id}	Delete (rejects default)
PUT	/languages/{id}/default	Mark as default
GET	/audit	List audit entries (`?event=&actor_id=&tenant_id=&since=&until=&limit=&offset=`)

Frontend & SDK

The bridge ships an openapi.json at the repo root that is the source of truth for two companion npm packages and a Postman collection.

TypeScript SDK — `@modularize-rbac/sdk-ts`

Spec-derived types + a thin openapi-fetch wrapper. Zero runtime cost when imported type-only.

Or use types only:

React admin components — `@modularize-rbac/admin-react`

Drop-in admin UI built on Radix Themes + React Query: <RolesPage />, <ModulesTreeEditor />, <LanguagesAdmin />, <AuditViewer />, <AccessGuard />. Each component renders against the same openapi.json so they always match the API the bridge exposes.

Storybook with mock data lives in frontend/ — every component has a story.

Postman collection

Regenerated from the same spec, committed at postman.json. Drag it into Postman or Insomnia to get all endpoints with example bodies. The sdk-ts-drift CI gate keeps both the TS types and the Postman collection in lockstep with openapi.json.

Console commands

php artisan access:diagnose — pre-deploy health check.
php artisan access:sync-spatie [--dry-run] — force resync of every role-module binding into Spatie's pivot.
php artisan access:audit [--event= --actor= --tenant= --since= --until= --limit= --format=table|json] — query the audit log.

Authorization model

Two layers:

User layer — Gate::before (registered by the ServiceProvider) calls $user->canAccess($ability) when the User has the HasAccessPermissions trait. Resolves events.view-style abilities directly from role_user + role_module_permission + module_permissions.
Admin layer — AccessAdminPolicy (the default config('access.policies.admin')) wraps the same canAccess() check but scoped to admin.* abilities the package's use-cases consult (admin.modules.view, admin.audit.view, ...). Hosts override via config.

To grant admin.modules.view, create a module with slug admin.modules, bind it to a role with is_reading_allowed = true, and assign the role to the user via role_user.

Calling use-cases directly

Every use-case is container-resolvable:

Telemetry recipes

The package dispatches two Laravel events for hosts that want observability hooks without patching the bridge:

ModularizeRbac\Laravel\Events\Telemetry\AbilityResolved — fires at the end of every $user->can(...) call with ability, allowed, source (direct|ancestor|inheritance|none|malformed), and durationMicros.
ModularizeRbac\Laravel\Events\Telemetry\CacheLookup — fires on every read through the language + module read-cache decorators with namespace, key, hit, and version.

Listener exceptions are caught by the package, so a faulty telemetry listener can't break authorization or cache reads.

Sentry spans

Prometheus via `spatie/laravel-prometheus`

Structured JSON log (Logstash / OpenSearch)

Audit log failure level

The audit listener catches persistence failures (DB down, encoding quirk) so the main domain flow always completes. The level at which those failures land in the Laravel log is configurable:

Set to false to swallow the failure silently for hosts that already trap audit issues upstream.

Upgrading

UPGRADING.md — consolidated upgrade guide for v2.0 → v2.1, v1.x → v2.0, and casamento/rbac → v1.0.
CHANGELOG.md — full history with all additive changes and bugfixes.

Layout

All versions of laravel with dependencies

PHP Build Version

Package Version

Version v2.8.1 Release 26. May 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of laravel from vendor modularize-rbac

Requires php Version ^8.2
laravel/framework Version ^11.0|^12.0
modularize-rbac/core Version ^1.9

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package modularize-rbac/laravel contains the following files

Loading the files please wait ...