Download the PHP package sefirosweb/laravel-access-list without Composer

On this page you can find all versions of the php package sefirosweb/laravel-access-list. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-access-list

Laravel Access List

ACL package for Laravel: roles, access lists, and a route middleware to gate your app by permission name.

The design goal is to stay out of your auth flow — this package does not manage users, sessions or authentication. It only answers the question "does the currently authenticated user have access to ACL foo?".

Requirements

Older majors of Laravel live on separate branches (12.x, 9.x) and only receive critical fixes.

Installation

The service provider auto-registers via Laravel's package discovery.

Run the migrations:

This creates four tables and seeds two roles and three access lists:

Role Seeded access lists
admin admin
acl acl_view, acl_edit

The admin access list is a superuser marker: any user whose roles include it passes every checkAcl:* check regardless of the ACL name.

Configuration

Publish the config if you want to change the prefix, middleware stack, or override the user model:

Default config/laravel-access-list.php:

Publish the admin UI assets:

Customizing the User model

The package ships with Sefirosweb\LaravelAccessList\Http\Models\User, fully usable out of the box. Most production apps will want to point at their own App\Models\User instead (so it carries auth scaffolding, custom columns, casts, etc.). This follows the same pattern as spatie/laravel-permission: the config defaults to the package's model, you override it for your app.

Recommended: extend the package model

This is the simplest and most forward-compatible way — your model inherits roles(), getRules(), changeRules(), $fillable, $hidden for free, and you only redeclare what you need to customize.

That's it. The bundled /acl UI now operates on your App\Models\User.

Alternative: keep your model independent

If you can't extend (e.g. your App\Models\User already extends a base class from another package), the bundled UserController is tolerant — it guards calls to getRules() / changeRules() with method_exists(), so missing those methods just disables the package's input validation (you can plug in your own FormRequest instead). The only hard requirement is the roles() relation, used by the "Roles del user" modal:

If you also want the package to validate user input on POST /acl/users and PUT /acl/users, add the static getRules() and instance changeRules() methods (signatures match the bundled User).

Usage

1. Protect routes with the checkAcl middleware

The service provider registers the middleware alias checkAcl automatically.

Behaviour when denied:

2. Manage roles and access lists programmatically

3. Manage from the bundled UI

After publishing assets and enabling the package routes, browse to /acl to use the bundled admin UI for creating roles, access lists, and assigning them to users.

The UI is a React 19 + TanStack Query SPA, fully self-contained — no CDN, no external assets. It talks to the package's REST endpoints under /acl/*. Translations ship in ES and EN with browser-language detection and a manual switcher in the top nav.

Users

Groups (a.k.a. roles)

Access lists

Relations drawer — click the count badge on any row to open a searchable, paginated picker with a Name / Assigned sort toggle. Toggles are optimistic with rollback on error.

Soft-deleted users

If your User model uses Illuminate\Database\Eloquent\SoftDeletes, the listing exposes an Active / All / Deleted segmented filter and trashed rows show a "Deleted" badge plus a Restore action. The package detects soft delete support automatically by inspecting the configured model's traits (GET /acl/get_user_fillable_data returns the schema the form should render).

Custom user columns

The Edit/New drawer renders form inputs from the $fillable of the configured User model. If your App\Models\User adds extra columns, they show up automatically with the right input type (string → text, hidden → password, int → number, timestamp → datetime). No need to fork the package frontend.

Demo seeder

For local development the package ships Sefirosweb\LaravelAccessList\Seeders\AclDemoSeeder (100 users, 15 roles, 50 access lists with random many-to-many wiring). Run it from your host's DatabaseSeeder:

Or directly: php artisan db:seed --class="Sefirosweb\\LaravelAccessList\\Seeders\\AclDemoSeeder". The seeder is idempotent on roles and access lists (firstOrCreate) and skips inserting users when the table already has 100 rows, so it's safe to re-run.

4. Check ACL from your own code

Testing

The package ships an Orchestra Testbench suite covering middleware behaviour, migrations, and role management.

The full suite uses SQLite :memory: and does not need a host Laravel app.

When working from the laravel-test harness with Sail:

Versioning

Major versions are aligned with Laravel majors (13.x, 12.x, 11.x, 9.x …). See the root CLAUDE.md of the test harness for the full policy.

License

MIT.


All versions of laravel-access-list with dependencies

PHP Build Version
Package Version
Requires php Version ^8.3
laravel/framework Version ^13.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package sefirosweb/laravel-access-list contains the following files

Loading the files please wait ...