
Simple Access Control List (ACL) management for Laravel

Primary LanguagePHP




composer require laravolt/acl

Service Provider

Skip this step if you are using Laravel 5.5 or above.



Publish migration file (optional):

php artisan vendor:publish --provider="Laravolt\Acl\ServiceProvider" --tag=migrations

Run migration:

php artisan migrate

Publish Configuration (Optional)

php artisan vendor:publish --provider="Laravolt\Acl\ServiceProvider" --tag=config


Add Laravolt\Acl\Traits\HasRoleAndPermission trait to User model:


namespace App;

use Laravolt\Acl\Traits\HasRoleAndPermission;

class User
    use HasRoleAndPermission;

After that, User will have following methods:


Relationships that defines User has many Laravolt\Acl\Models\Role.

$user->hasRole($role, $checkAll = false)

Check if specific User has one or many roles. Return boolean true or false.


Assign one or many roles to specific User. Possible values for $role are: id, array of id, role name, Role object, or array of Role object.


Revoke/remove one or many roles from specific User. Possible values for $role are: id, array of id, role name, Role object, or array of Role object.

$user->hasPermission($permission, $checkAll = false)

Check if specific User has one or many permissions. Return boolean true or false.


php artisan laravolt:acl:sync-permission

Bypass Authorization

You can bypass authorization checking using Laravel built-in method:

// Place it somewhere before application running, e.g. in `AppServiceProvider`.
    // check if $user superadmin
    // and then return true to skip all authorization checking