How do I install directorytree/authorization in a Laravel project?

Run `composer require directorytree/authorization`, then publish migrations with `php artisan migrate`. Add the `Authorizable` trait to your `User` model to enable role/permission checks. No additional configuration is needed for basic usage.

Does this package work with Laravel 13? What about older versions?

Yes, it supports Laravel 9 through 13. The package is tested against PHP 8.0+ (Laravel 9+) and PHP 8.1+ (Laravel 10+), ensuring compatibility with modern Laravel stacks. Check the [GitHub repo](https://github.com/DirectoryTree/Authorization) for version-specific notes.

Can I use custom models (e.g., Role, Permission) instead of the defaults?

Absolutely. The package is modular—you can publish and customize migrations/models via `php artisan vendor:publish --tag=authorization-migrations`. Override the default `Role`, `Permission`, or `User` models by binding them in the service provider.

How does caching work, and do I need Redis?

Caching is optional but recommended for performance. The package uses Laravel’s cache driver (file, database, Redis, etc.) to store permission/role checks. No Redis is required—default file caching works out of the box. Configure cache keys in the `config/authorization.php` file.

Will this conflict with my existing Gates or Policies?

No, it integrates seamlessly. The `Authorizable` trait extends Laravel’s native `can()` and `authorize()` methods, so existing Gates/Policies continue working. You can also register custom Gates via the `PermissionRegistrar` for hybrid authorization logic.

How do I restrict routes using roles/permissions?

Use the built-in middleware: `role:admin` or `permission:edit-posts` in route definitions. For dynamic checks, inject the `AuthorizationService` into controllers or use `@can` directives in Blade templates. Middleware throws 403 errors by default.

What’s the best way to test role/permission logic?

Mock the `PermissionRegistrar` in tests to avoid database dependencies. Use `Authorization::shouldReceive('userHasPermission')->andReturn(true)` for unit tests. For middleware, test HTTP responses with `actingAs()` and route assertions in PHPUnit.

Can I migrate existing role/permission tables to this package?

Yes, but you’ll need to manually align your schema. Publish the default migrations (`vendor:publish --tag=authorization-migrations`), then modify them to match your existing tables. Seed initial roles/permissions using Laravel’s seeder classes.

What happens if caching is disabled or misconfigured?

Performance may degrade due to repeated database queries. The package falls back to direct Eloquent checks, but race conditions can occur during permission updates. Always enable caching in production and validate cache keys in `config/authorization.php`.

Are there alternatives to this package for Laravel RBAC?

Yes, consider `spatie/laravel-permission` (more features, larger community) or `nWidart/laravel-modules` (for modular RBAC). This package stands out for its minimal setup, native Laravel integration, and caching optimizations. Compare based on your need for customization vs. simplicity.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Authorization Laravel Package

directorytree/authorization

Native, easy role & permission management for Laravel. Adds migrations and an Authorizable trait to your User model for role/permission checks, optional custom migrations/models, caching, gate registration, middleware, and testing support.

View on GitHub

Deep Wiki

Context7

directorytree/authorization provides a native, Laravel-friendly roles & permissions system that plugs into your app with minimal setup. It ships with ready-to-run migrations, an Authorizable trait for your User model, and helpers to consistently check access across your application.

Designed to feel like first-party Laravel, it supports gate registration, middleware, and caching so authorization stays fast and maintainable as your app grows.

Features

Role & permission management with database-backed tables
Simple checks for permissions and roles via an Authorizable trait
Built-in Gate integration for centralized authorization rules
Optional middleware for route-level access control
Cache support to reduce repeated permission lookups

Frequently asked questions about Authorization

How do I install directorytree/authorization in a Laravel project?: Run `composer require directorytree/authorization`, then publish migrations with `php artisan migrate`. Add the `Authorizable` trait to your `User` model to enable role/permission checks. No additional configuration is needed for basic usage.
Does this package work with Laravel 13? What about older versions?: Yes, it supports Laravel 9 through 13. The package is tested against PHP 8.0+ (Laravel 9+) and PHP 8.1+ (Laravel 10+), ensuring compatibility with modern Laravel stacks. Check the [GitHub repo](https://github.com/DirectoryTree/Authorization) for version-specific notes.
Can I use custom models (e.g., Role, Permission) instead of the defaults?: Absolutely. The package is modular—you can publish and customize migrations/models via `php artisan vendor:publish --tag=authorization-migrations`. Override the default `Role`, `Permission`, or `User` models by binding them in the service provider.
How does caching work, and do I need Redis?: Caching is optional but recommended for performance. The package uses Laravel’s cache driver (file, database, Redis, etc.) to store permission/role checks. No Redis is required—default file caching works out of the box. Configure cache keys in the `config/authorization.php` file.
Will this conflict with my existing Gates or Policies?: No, it integrates seamlessly. The `Authorizable` trait extends Laravel’s native `can()` and `authorize()` methods, so existing Gates/Policies continue working. You can also register custom Gates via the `PermissionRegistrar` for hybrid authorization logic.
How do I restrict routes using roles/permissions?: Use the built-in middleware: `role:admin` or `permission:edit-posts` in route definitions. For dynamic checks, inject the `AuthorizationService` into controllers or use `@can` directives in Blade templates. Middleware throws 403 errors by default.
What’s the best way to test role/permission logic?: Mock the `PermissionRegistrar` in tests to avoid database dependencies. Use `Authorization::shouldReceive('userHasPermission')->andReturn(true)` for unit tests. For middleware, test HTTP responses with `actingAs()` and route assertions in PHPUnit.
Can I migrate existing role/permission tables to this package?: Yes, but you’ll need to manually align your schema. Publish the default migrations (`vendor:publish --tag=authorization-migrations`), then modify them to match your existing tables. Seed initial roles/permissions using Laravel’s seeder classes.
What happens if caching is disabled or misconfigured?: Performance may degrade due to repeated database queries. The package falls back to direct Eloquent checks, but race conditions can occur during permission updates. Always enable caching in production and validate cache keys in `config/authorization.php`.
Are there alternatives to this package for Laravel RBAC?: Yes, consider `spatie/laravel-permission` (more features, larger community) or `nWidart/laravel-modules` (for modular RBAC). This package stands out for its minimal setup, native Laravel integration, and caching optimizations. Compare based on your need for customization vs. simplicity.

View on GitHub

Stars

179

Favorites

180

Forks

Score

23.5

License

MIT

Last release

Mar 26, 2026

Watchers

Downloads

319/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport