How do I install DirectoryTree/Authorization in a Laravel 11 project?

Run `composer require directorytree/authorization`, then execute `php artisan migrate` to set up the roles and permissions tables. Finally, add the `Authorizable` trait to your `User` model. The package auto-registers its migrations and service provider, so no additional configuration is needed for basic usage.

Does this package support Laravel 13’s new middleware enhancements?

Yes, the package fully supports Laravel 13 and integrates with its middleware system. You can use the built-in `RoleMiddleware` and `PermissionMiddleware` for route-level authorization, which works seamlessly with Laravel’s middleware groups and API resource routing.

Can I customize the migrations or models without breaking existing database schemas?

Absolutely. Use `Authorization::ignoreMigrations()` in your `AppServiceProvider` to skip default migrations, then publish them with `php artisan vendor:publish --tag=authorization-migrations` to modify them. For models, extend the provided `Role` or `Permission` classes or publish the models for customization.

How does caching work, and can I disable it for testing?

The package caches permissions and roles by default for performance, with a daily expiry. Disable caching in tests by setting `Authorization::cacheExpiresIn(0)` or mocking the `PermissionRegistrar` in your test cases. For production, ensure caching is enabled to avoid database latency.

Will this package conflict with my existing Laravel Gates or Policies?

The package registers permissions as Gates under the hood, so existing Gates won’t conflict. However, Policies (e.g., `PostPolicy`) aren’t natively integrated—you’ll need to manually bridge them. Audit your current Gates and replace simple checks (e.g., `can('edit-post')`) first to avoid disruptions.

Does DirectoryTree/Authorization support role hierarchies (e.g., admin → manager → user)?

No, the package doesn’t include hierarchical roles out of the box. You can manually implement inheritance by extending the `Role` model or using a separate package like `spatie/laravel-permission`. Alternatively, denormalize roles in a pivot table to simulate hierarchies.

How do I test permission checks in PHPUnit without flaky results?

Mock the `PermissionRegistrar` in your `TestCase` setup to avoid cache inconsistencies. For example, use `Authorization::setTestMode(true)` or manually register test permissions in `setUp()`. Always reset the cache or permissions after tests to prevent state pollution.

Is this package suitable for high-traffic applications with frequent permission updates?

Yes, but configure caching aggressively (e.g., Redis) and set short expiry times (e.g., hourly) for dynamic permissions. For bulk updates, queue permission assignments using Laravel’s queue system to avoid race conditions. Monitor cache hit ratios to optimize performance.

Can I use this for multi-tenant applications, and how do I scope permissions?

Yes, but you’ll need to scope the `Role` and `Permission` models to the current tenant. Use Laravel’s `GlobalScope` or middleware to filter queries by tenant ID. Alternatively, prefix permission names with tenant identifiers (e.g., `tenant1:users.create`).

What are the alternatives to DirectoryTree/Authorization for Laravel RBAC?

Popular alternatives include `spatie/laravel-permission` (more feature-rich, with hierarchical roles and audit logs) and `nWidart/laravel-modules` (for modular RBAC). Choose `DirectoryTree/Authorization` if you prefer native Laravel integration and minimal dependencies, or `spatie/laravel-permission` if you need advanced features like permission inheritance.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Authorization Laravel Package

directorytree/authorization

Native role & permission management for Laravel. Install via Composer, run migrations, add the Authorizable trait to your User model, then check roles/permissions, use caching, gate registration, and middleware. Includes customizable migrations/models and tests.

View on GitHub

Deep Wiki

Context7

Native Laravel Authorization.

Frequently asked questions about Authorization

How do I install DirectoryTree/Authorization in a Laravel 11 project?: Run `composer require directorytree/authorization`, then execute `php artisan migrate` to set up the roles and permissions tables. Finally, add the `Authorizable` trait to your `User` model. The package auto-registers its migrations and service provider, so no additional configuration is needed for basic usage.
Does this package support Laravel 13’s new middleware enhancements?: Yes, the package fully supports Laravel 13 and integrates with its middleware system. You can use the built-in `RoleMiddleware` and `PermissionMiddleware` for route-level authorization, which works seamlessly with Laravel’s middleware groups and API resource routing.
Can I customize the migrations or models without breaking existing database schemas?: Absolutely. Use `Authorization::ignoreMigrations()` in your `AppServiceProvider` to skip default migrations, then publish them with `php artisan vendor:publish --tag=authorization-migrations` to modify them. For models, extend the provided `Role` or `Permission` classes or publish the models for customization.
How does caching work, and can I disable it for testing?: The package caches permissions and roles by default for performance, with a daily expiry. Disable caching in tests by setting `Authorization::cacheExpiresIn(0)` or mocking the `PermissionRegistrar` in your test cases. For production, ensure caching is enabled to avoid database latency.
Will this package conflict with my existing Laravel Gates or Policies?: The package registers permissions as Gates under the hood, so existing Gates won’t conflict. However, Policies (e.g., `PostPolicy`) aren’t natively integrated—you’ll need to manually bridge them. Audit your current Gates and replace simple checks (e.g., `can('edit-post')`) first to avoid disruptions.
Does DirectoryTree/Authorization support role hierarchies (e.g., admin → manager → user)?: No, the package doesn’t include hierarchical roles out of the box. You can manually implement inheritance by extending the `Role` model or using a separate package like `spatie/laravel-permission`. Alternatively, denormalize roles in a pivot table to simulate hierarchies.
How do I test permission checks in PHPUnit without flaky results?: Mock the `PermissionRegistrar` in your `TestCase` setup to avoid cache inconsistencies. For example, use `Authorization::setTestMode(true)` or manually register test permissions in `setUp()`. Always reset the cache or permissions after tests to prevent state pollution.
Is this package suitable for high-traffic applications with frequent permission updates?: Yes, but configure caching aggressively (e.g., Redis) and set short expiry times (e.g., hourly) for dynamic permissions. For bulk updates, queue permission assignments using Laravel’s queue system to avoid race conditions. Monitor cache hit ratios to optimize performance.
Can I use this for multi-tenant applications, and how do I scope permissions?: Yes, but you’ll need to scope the `Role` and `Permission` models to the current tenant. Use Laravel’s `GlobalScope` or middleware to filter queries by tenant ID. Alternatively, prefix permission names with tenant identifiers (e.g., `tenant1:users.create`).
What are the alternatives to DirectoryTree/Authorization for Laravel RBAC?: Popular alternatives include `spatie/laravel-permission` (more feature-rich, with hierarchical roles and audit logs) and `nWidart/laravel-modules` (for modular RBAC). Choose `DirectoryTree/Authorization` if you prefer native Laravel integration and minimal dependencies, or `spatie/laravel-permission` if you need advanced features like permission inheritance.

Popularity trends

Recorded values over time (once-a-day snapshots). May 8, 2026 – Jun 6, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

178

Favorites

178

Forks

Score

20.1

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 178

+0.9
Forks

input: 9

+0.3
Open issues + PRs

input: 3

+0.3
Releases

input: 6

+1.8
Recency

input: 71

+16.1
Issue opportunity

input: 2

+0.2
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 19.6

Opportunity

5.7

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

9.5
Contribution need

open_issues + open_prs: 3

1.3
Health factor

archived + recency + open issues

×0.97

Total 6.4

License

MIT

Last release

Mar 26, 2026

Watchers

Downloads

250/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai