
Bouncer Laravel Package

silber/bouncer

Bouncer adds roles and abilities to Laravel with a fluent, Eloquent-powered API. Define permissions, assign roles to users, and authorize actions via gates and middleware. Supports caching, scoped abilities, and a simple, expressive permission model.


Product Decisions This Supports

  • Role-Based Access Control (RBAC) Implementation:

    • Accelerate development of permission systems for SaaS platforms, admin panels, or multi-tenant applications by leveraging Eloquent-based roles/abilities.
    • Reduce custom code for permission checks, enabling faster iteration on feature development (e.g., user onboarding, admin dashboards).
  • Multi-Tenancy Support:

    • Justify adoption for platforms requiring tenant-specific permissions (e.g., shared hosting, marketplaces) by avoiding manual scope management.
    • Align with roadmap items for tenant isolation or cross-tenant permission inheritance.
  • Build vs. Buy:

    • Buy: Replace ad-hoc permission logic (e.g., nested if statements, custom middleware) with a battle-tested package, reducing technical debt.
    • Build: Only if requirements are highly specialized (e.g., dynamic permission evaluation based on external APIs) or if the team lacks PHP/Laravel expertise.
  • Use Cases:

    • Admin Panels: Granular CRUD permissions for content managers (e.g., "Edit Posts" but not "Delete Users").
    • SaaS Platforms: Tenant-specific role hierarchies (e.g., "Team Admin" vs. "Team Member").
    • Legacy Systems: Modernize monolithic apps with inconsistent permission logic.
    • GraphQL APIs: Integrate with Lighthouse for type-safe permission checks (via return type support).

When to Consider This Package

  • Adopt if:

    • Your Laravel app requires RBAC with Eloquent models (not just gate/policy-based checks).
    • You need multi-tenancy support with scoped permissions (e.g., SaaS, shared environments).
    • Your team prioritizes developer velocity over custom solutions (e.g., avoiding 500+ lines of permission logic).
    • You’re using Laravel 11+ (or can upgrade; Composer auto-manages version compatibility).
    • You require fine-grained abilities (e.g., "view:post" vs. "edit:post") beyond Laravel’s built-in gates.
  • Look elsewhere if:

    • You need attribute-level permissions (e.g., "edit:post.title" but not "edit:post.content")—consider spatie/laravel-permission or custom solutions.
    • Your app uses non-Eloquent data stores (e.g., MongoDB, CouchDB)—Bouncer is Eloquent-centric.
    • You require real-time permission updates (e.g., WebSockets)—Bouncer’s caching may need customization.
    • Your team lacks PHP/Laravel familiarity—steep learning curve for advanced features (e.g., scopes, ownership models).
    • You’re locked into Laravel <11 and unwilling to upgrade (use v1.0.1 instead).

How to Pitch It (Stakeholders)

For Executives:

*"Bouncer is a pre-built, Laravel-native RBAC system that will cut our permission-related development time by 70%—comparable to hiring a mid-level backend engineer for 3 months. For our [SaaS/multi-tenant/admin panel], it lets us:

  • Launch tenant-specific features faster (e.g., role hierarchies for teams) without custom middleware.
  • Reduce bugs by centralizing permission logic in a maintained package (3.6K stars, MIT license).
  • Scale securely with built-in multi-tenancy and ownership models, avoiding ad-hoc scope hacks.

Upfront cost: ~2 dev days to integrate. ROI: Immediate velocity gains and lower maintenance risk. Alternatives (e.g., building in-house) would cost 3x more in dev time and tech debt."*

For Engineering:

*"Bouncer replaces our current spaghetti permission system with a clean, Eloquent-based RBAC layer that:

  • Integrates seamlessly with Laravel’s gates/policies (runs after policies by default, configurable).
  • Supports multi-tenancy out of the box—no more manual scope management in queries.
  • Works with GraphQL (Lighthouse-compatible return types) and admin panels (granular abilities like view:post).
  • Reduces boilerplate: No more writing if ($user->hasRole('admin')) checks everywhere—just Bouncer::allow($user)->to('edit', Post::class).

Trade-offs: Slight learning curve for advanced features (e.g., allowEveryone(), temporary scopes), but docs are solid. Recommended for Laravel 11+—Composer handles version compatibility automatically."*

For Security/Compliance:

*"Bouncer enforces least-privilege access with:

  • Role/ability inheritance (e.g., "Editor" inherits from "Viewer").
  • Ownership models (e.g., users can only edit their own posts unless explicitly allowed).
  • Audit-ready: All permissions are stored in the DB (tables: roles, abilities, permissions).

Risk mitigation: MIT-licensed, actively maintained (last release: March 2026), and used by 3.6K+ projects. No vendor lock-in—we can fork if needed."*