Download the PHP package sefirosweb/laravel-access-list without Composer
On this page you can find all versions of the php package sefirosweb/laravel-access-list. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download sefirosweb/laravel-access-list
More information about sefirosweb/laravel-access-list
Files in sefirosweb/laravel-access-list
Package laravel-access-list
Short Description Package for made a simply crud database for advance access list for application with middleware check
License MIT
Informations about the package laravel-access-list
Laravel Access List
ACL package for Laravel: roles, access lists, and a route middleware to gate your app by permission name.
The design goal is to stay out of your auth flow — this package does not manage users, sessions or authentication. It only answers the question "does the currently authenticated user have access to ACL foo?".
Requirements
- PHP
^8.3 - Laravel
^13.0
Older majors of Laravel live on separate branches (12.x, 9.x) and only receive critical fixes.
Installation
The service provider auto-registers via Laravel's package discovery.
Run the migrations:
This creates four tables and seeds two roles and three access lists:
| Role | Seeded access lists |
|---|---|
admin |
admin |
acl |
acl_view, acl_edit |
The admin access list is a superuser marker: any user whose roles include it passes every checkAcl:* check regardless of the ACL name.
Configuration
Publish the config if you want to change the prefix, middleware stack, or override the user model:
Default config/laravel-access-list.php:
prefix: the URL prefix for the bundled admin UI (/acl/...).middleware: the middleware stack applied to those routes.AccessList/Role/User: model classes the package resolves at runtime. The defaults point to the bundled models so the package works out of the box. See Customizing the User model below if you want to use your own.
Publish the admin UI assets:
Customizing the User model
The package ships with Sefirosweb\LaravelAccessList\Http\Models\User, fully usable out of the box. Most production apps will want to point at their own App\Models\User instead (so it carries auth scaffolding, custom columns, casts, etc.). This follows the same pattern as spatie/laravel-permission: the config defaults to the package's model, you override it for your app.
Recommended: extend the package model
This is the simplest and most forward-compatible way — your model inherits roles(), getRules(), changeRules(), $fillable, $hidden for free, and you only redeclare what you need to customize.
That's it. The bundled /acl UI now operates on your App\Models\User.
Alternative: keep your model independent
If you can't extend (e.g. your App\Models\User already extends a base class from another package), the bundled UserController is tolerant — it guards calls to getRules() / changeRules() with method_exists(), so missing those methods just disables the package's input validation (you can plug in your own FormRequest instead). The only hard requirement is the roles() relation, used by the "Roles del user" modal:
If you also want the package to validate user input on POST /acl/users and PUT /acl/users, add the static getRules() and instance changeRules() methods (signatures match the bundled User).
Usage
1. Protect routes with the checkAcl middleware
The service provider registers the middleware alias checkAcl automatically.
Behaviour when denied:
- JSON / AJAX requests →
401with{"message": "You don't have permissions for this site"}. - Regular requests → redirect to
/.
2. Manage roles and access lists programmatically
3. Manage from the bundled UI
After publishing assets and enabling the package routes, browse to /acl to use the bundled admin UI for creating roles, access lists, and assigning them to users.
The UI is a React 19 + TanStack Query SPA, fully self-contained — no CDN, no external assets. It talks to the package's REST endpoints under /acl/*. Translations ship in ES and EN with browser-language detection and a manual switcher in the top nav.
Users
Groups (a.k.a. roles)
Access lists
Relations drawer — click the count badge on any row to open a searchable, paginated picker with a Name / Assigned sort toggle. Toggles are optimistic with rollback on error.
Soft-deleted users
If your User model uses Illuminate\Database\Eloquent\SoftDeletes, the listing exposes an Active / All / Deleted segmented filter and trashed rows show a "Deleted" badge plus a Restore action. The package detects soft delete support automatically by inspecting the configured model's traits (GET /acl/get_user_fillable_data returns the schema the form should render).
Custom user columns
The Edit/New drawer renders form inputs from the $fillable of the configured User model. If your App\Models\User adds extra columns, they show up automatically with the right input type (string → text, hidden → password, int → number, timestamp → datetime). No need to fork the package frontend.
Demo seeder
For local development the package ships Sefirosweb\LaravelAccessList\Seeders\AclDemoSeeder (100 users, 15 roles, 50 access lists with random many-to-many wiring). Run it from your host's DatabaseSeeder:
Or directly: php artisan db:seed --class="Sefirosweb\\LaravelAccessList\\Seeders\\AclDemoSeeder". The seeder is idempotent on roles and access lists (firstOrCreate) and skips inserting users when the table already has 100 rows, so it's safe to re-run.
4. Check ACL from your own code
Testing
The package ships an Orchestra Testbench suite covering middleware behaviour, migrations, and role management.
The full suite uses SQLite :memory: and does not need a host Laravel app.
When working from the laravel-test harness with Sail:
Versioning
Major versions are aligned with Laravel majors (13.x, 12.x, 11.x, 9.x …). See the root CLAUDE.md of the test harness for the full policy.
License
MIT.