- Does spatie/laravel-authorize work with Laravel 10 or PHP 8.1+?
- No, this package was last updated in 2016 and targets Laravel 5.1+ and PHP 5.6+. You’ll need to test it thoroughly or use a maintained fork, as Laravel’s authorization system has evolved significantly since then. Consider alternatives like built-in `authorize()` middleware or newer packages for modern Laravel versions.
- How do I protect a route using this package?
- Add the `can:` middleware to your route with the policy/gate name. For example, `'middleware' => 'can:viewTopSecretPage'` on a route. You can also group routes with shared authorization, like `'middleware' => 'can:viewAdmin'` in a route group. It integrates directly with Laravel’s native gates and policies.
- Can I use this for role-based access control (RBAC)?
- No, this package only handles route-level authorization via gates/policies. For RBAC, you’ll need a dedicated package like `spatie/laravel-permission` or `nwidart/laravel-modules`. This package is strictly for checking if a user can perform an action (e.g., `can:editPost`) on a route.
- Will this conflict with other auth packages like spatie/laravel-permission?
- Potentially, yes. Both packages rely on Laravel’s authorization system, so conflicts may arise if they’re used together. Test in a staging environment first. If you need RBAC, consider using `spatie/laravel-permission` alone, as it’s actively maintained and offers broader features.
- How do I handle dynamic authorization (e.g., checking permissions on a model)?
- Use route model binding with the middleware syntax. For example, `'can:editPost,post'` will pass the resolved `post` model to your policy’s `edit` method. This leverages Laravel’s built-in policy resolution, but ensure your policies are compatible with the package’s assumptions.
- Is this package secure for production use?
- Proceed with caution. The package is unmaintained, meaning it may lack critical security updates or compatibility fixes. Audit your policies and gates for vulnerabilities, especially if handling sensitive data. For production, consider a maintained alternative or a fork with active updates.
- Can I use this with Laravel’s built-in authorize() middleware instead?
- Yes, Laravel’s native `authorize()` middleware (e.g., `'middleware' => 'authorize:viewTopSecretPage'`) is a direct alternative and is actively maintained. It offers the same core functionality without the risks of an unmaintained package. The syntax is nearly identical, so migration is straightforward.
- How do I test this package in my Laravel app?
- Start by adding the middleware to a non-critical route and verify it works as expected. Use Laravel’s `actingAs()` method in tests to simulate authenticated users. Check for deprecation warnings or errors, especially if you’re on Laravel 6+. Mock policies to test edge cases like unauthorized access.
- Are there alternatives to this package for Laravel 8+?
- Yes, for modern Laravel, use the built-in `authorize()` middleware or packages like `spatie/laravel-permission` (for RBAC), `nwidart/laravel-modules` (for modular auth), or `gloudemans/shoppingcart` (if you need cart-based permissions). These are actively maintained and support newer Laravel versions.
- How do I migrate from custom middleware to this package?
- Replace your custom middleware with `can:` middleware in route definitions. For example, swap `'middleware' => 'CheckTopSecretAccess'` for `'middleware' => 'can:viewTopSecretPage'`. Ensure your policies extend Laravel’s `Policy` class and match the expected method signatures. Test incrementally to catch compatibility issues early.
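
The testing answer above (`actingAs()`, plus the unauthorized-access edge case), written out as a feature test. This is an added example, not code from the package or its documentation. It assumes a recent Laravel whose test helpers return `TestResponse`, the default `App\Models\User` factory, and a registered `can` middleware alias; the `/top-secret` route and the `is_admin` attribute are hypothetical.

```php
<?php
// Added example, not part of the package. Assumes a recent Laravel, the
// default App\Models\User factory and a registered `can` middleware alias.
// The /top-secret route and the is_admin attribute are hypothetical.
namespace Tests\Feature;

use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class TopSecretPageAuthorizationTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();
        // Ability name taken from the FAQ; the rule is a constructed stand-in.
        Gate::define('viewTopSecretPage', function (User $user) {
            return (bool) $user->is_admin;
        });
        // Throwaway route so the test does not depend on the app's route files.
        Route::get('/top-secret', function () {
            return 'classified';
        })->middleware('can:viewTopSecretPage');
    }

    public function test_guest_never_receives_the_page(): void
    {
        // The exact status (redirect or 403) depends on the middleware stack,
        // so assert only that the request is refused and nothing leaks.
        $response = $this->get('/top-secret');
        $this->assertNotSame(200, $response->getStatusCode());
        $response->assertDontSee('classified');
    }

    public function test_authenticated_user_without_the_ability_gets_403(): void
    {
        $user = User::factory()->make(['is_admin' => false]); // not persisted
        $this->actingAs($user)->get('/top-secret')->assertForbidden();
    }

    public function test_user_with_the_ability_is_allowed(): void
    {
        $user = User::factory()->make(['is_admin' => true]);
        $this->actingAs($user)->get('/top-secret')->assertOk()->assertSee('classified');
    }
}
```

Keep the two denial tests when swapping middleware implementations: a change that silently starts returning 200 to guests or to users without the ability will fail them.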