- How do I define roles and abilities in silber/bouncer for Laravel?
- Use Bouncer’s fluent API to define abilities (e.g., `Ability::create('edit_post')`) and assign them to roles (e.g., `Role::findOrCreate('admin')->give('edit_post')`). Roles can then be assigned to users via `User::first()->assignRole('admin')`. The package provides helper methods like `can()` and `allows()` for permission checks.
- Does silber/bouncer work with Laravel’s built-in Policies and Gates?
- Yes, Bouncer integrates directly with Laravel’s Policies and Gates. By default, it runs *after* Policies (v1.0+), meaning Policies override Bouncer checks. To change this, use `Bouncer::runBeforePolicies()` or `Bouncer::runAfterPolicies()`. This ensures compatibility with existing authorization logic.
- Can I use silber/bouncer for model-specific permissions (e.g., user-owned posts)?
- Absolutely. Bouncer supports scoped abilities tied to model instances or types. For example, you can define `Ability::create('edit_post')->scopedTo('Post')`, then check permissions with `$user->can('edit_post', $post)`. This is ideal for collaborative apps where access depends on ownership or context.
- What Laravel versions does silber/bouncer support?
- Bouncer requires **Laravel 11+** for v1.0.2+ (latest features). If you’re on Laravel 10 or older, use v1.0.1, but note that some v1.0+ features (like morph map auto-registration) won’t be available. Always check the [release notes](https://github.com/JosephSilber/bouncer/releases) for version-specific requirements.
- How do I migrate from hierarchical roles (Levels) in Bouncer v1.0+?
- Bouncer v1.0+ removed hierarchical roles (Levels) to simplify the API. If your app relied on this, you’ll need to manually redefine roles and abilities as flat structures. For example, replace `Role::create('admin')->giveLevel(2)` with `Role::create('admin')->give('ability1', 'ability2')`. No data migration is required—just reassign permissions.
- Is silber/bouncer compatible with multi-tenancy (e.g., SaaS platforms)?
- Yes, Bouncer supports multi-tenancy through scoped abilities and roles. Use `Bouncer::scope($tenantId)` to isolate permissions by tenant, or define tenant-specific abilities (e.g., `Ability::create('manage_tenant')->scopedTo('Tenant')`). This works alongside packages like Stancl/Tenancy or custom tenant isolation logic.
- How do I cache permissions in silber/bouncer for better performance?
- Bouncer caches permissions by default, but you can customize this via the `BouncerServiceProvider`. For cross-request caching (e.g., in queues), use `Bouncer::refresh()` to clear cached data when needed. Avoid aggressive caching if permissions change frequently, as stale data can lead to incorrect access checks.
- Can I use silber/bouncer with non-standard authentication (e.g., API tokens, SSO)?
- Bouncer works with any Laravel authentication backend, including API tokens (via Sanctum/Passport) or SSO (e.g., Laravel Socialite). Assign roles/abilities to the authenticated user model (e.g., `TokenUser`, `SocialUser`) just like you would with a standard `User` model. Ensure your auth system resolves the correct user instance before permission checks.
- What are the alternatives to silber/bouncer for Laravel RBAC?
- Alternatives include **spatie/laravel-permission** (role-based with hierarchical support), **entrust/entrust** (legacy but lightweight), and **laravel-nestedset/role** (for nested roles). Bouncer stands out for its **ability-based** system (not just roles), seamless Laravel integration (Policies/Gates), and support for scoped permissions. Choose based on whether you need hierarchical roles or fine-grained model-specific abilities.
- How do I test silber/bouncer in Laravel (Pest/PHPUnit)?
- Test Bouncer by mocking the `Authorizable` trait or using the `Bouncer` facade. For example, in Pest: `Bouncer::actingAs($user)->can('edit_post', $post)->assertTrue()`. Use `Bouncer::fake()` to simulate permission checks without hitting the database. For GraphQL (Lighthouse), return types like `PermissionType` are included out of the box.
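
The model-specific and ownership checks and the cache refresh discussed above, written as a feature test. This is an added example, not code from the original page or from the Bouncer project. It uses `Bouncer::allow()->to()`, `toOwn()`, `disallow()` and `refreshFor()` from Bouncer's fluent API, and assumes a Laravel app with Bouncer's migrations, a `User` model using the `HasRolesAndAbilities` trait, a `Post` model with a `user_id` column, factories for both, and no `PostPolicy` that defines `edit`.

```php
<?php
// Added example. Assumed app layout (not from the page): App\Models\User uses
// HasRolesAndAbilities, App\Models\Post has user_id, both have factories.
namespace Tests\Feature;

use App\Models\Post;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Silber\Bouncer\BouncerFacade as Bouncer;
use Tests\TestCase;

class PostAbilityTest extends TestCase
{
    use RefreshDatabase;

    public function test_instance_grant_does_not_leak_to_other_posts(): void
    {
        $editor = User::factory()->create();
        [$granted, $other] = Post::factory()->count(2)->create()->all();
        Bouncer::allow($editor)->to('edit', $granted);

        $this->assertTrue($editor->can('edit', $granted));
        $this->assertTrue($editor->cannot('edit', $other)); // default deny
    }

    public function test_ownership_grant_is_limited_to_own_posts(): void
    {
        [$author, $stranger] = User::factory()->count(2)->create()->all();
        $own = Post::factory()->create(['user_id' => $author->id]);
        $foreign = Post::factory()->create(['user_id' => $stranger->id]);
        Bouncer::allow($author)->toOwn(Post::class)->to('edit');

        $this->assertTrue($author->can('edit', $own));
        $this->assertTrue($author->cannot('edit', $foreign));
    }

    public function test_revocation_is_enforced_after_cache_refresh(): void
    {
        $editor = User::factory()->create();
        $post = Post::factory()->create();
        Bouncer::allow($editor)->to('edit', $post);
        $this->assertTrue($editor->can('edit', $post)); // abilities now loaded

        Bouncer::disallow($editor)->to('edit', $post);
        Bouncer::refreshFor($editor); // drop this user's cached abilities
        $this->assertTrue($editor->cannot('edit', $post));
    }
}
```

Keeping a revocation test like the last one in the suite catches code paths that change permissions without refreshing the cache.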