1.<\/p>\r\n
composer create-project laravel\/laravel example-app<\/code><\/pre>\r\n2. setup mysql in .env file<\/p>\r\n
DB_CONNECTION=mysql\r\nDB_HOST=127.0.0.1\r\nDB_PORT=3306\r\nDB_DATABASE=dbNAMEhere\r\nDB_USERNAME=root\r\nDB_PASSWORD=<\/code><\/pre>\r\n3. install laravel breeze, or any other module that used for user authentication<\/p>\r\n
4. Install the Spatie Package with the following command:<\/strong><\/p>\r\ncomposer require spatie\/laravel-permission<\/code><\/pre>\r\n5. The service provider will automatically get registered. Or you may manually add the service provider in your config\/app.php <\/strong>file:<\/p>\r\n'providers' => [\r\n \/\/ ...\r\n Spatie\\Permission\\PermissionServiceProvider::class,\r\n];<\/code><\/pre>\r\n6. publish the migration<\/p>\r\n
php artisan vendor:publish --provider=\"Spatie\\Permission\\PermissionServiceProvider\"\r\n\r\nphp artisan migrate<\/code><\/pre>\r\n7. This package comes with RoleMiddleware, PermissionMiddleware and RoleOrPermissionMiddleware<\/strong> middleware. You can add them inside your app\/Http\/Kernel.php<\/strong> file to be able to use them through aliases.<\/p>\r\n\/\/ Note: Laravel 10+ uses $middlewareAliases = [\r\nprotected $middlewareAliases = [\r\n \/\/ ...\r\n 'role' => \\Spatie\\Permission\\Middleware\\RoleMiddleware::class,\r\n 'permission' => \\Spatie\\Permission\\Middleware\\PermissionMiddleware::class,\r\n 'role_or_permission' => \\Spatie\\Permission\\Middleware\\RoleOrPermissionMiddleware::class,\r\n];\r\n\r\n\/\/if < laravel 10\r\nprotected $routeMiddleware = [\r\n \/\/ other middleware...\r\n 'role' => \\Spatie\\Permission\\Middleware\\RoleMiddleware::class,\r\n 'permission' => \\Spatie\\Permission\\Middleware\\PermissionMiddleware::class,\r\n 'role_or_permission' => \\Spatie\\Permission\\Middleware\\RoleOrPermissionMiddleware::class,\r\n];\r\n<\/code><\/pre>\r\n8. Add the necessary trait to your User model ( app\/Models\/User.php <\/strong>) :<\/p>\r\nclass User extends Authenticatable\r\n{\r\n use HasRoles;<\/code><\/pre>\r\n9. CREATE ROUTES<\/p>\r\n
Route::group(['middleware' => ['role:super-admin|admin']], function() {\r\n\r\n Route::resource('permissions', App\\Http\\Controllers\\PermissionController::class);\r\n Route::get('permissions\/{permissionId}\/delete', [App\\Http\\Controllers\\PermissionController::class, 'destroy']);\r\n\r\n Route::resource('roles', App\\Http\\Controllers\\RoleController::class);\r\n Route::get('roles\/{roleId}\/delete', [App\\Http\\Controllers\\RoleController::class, 'destroy']);\r\n Route::get('roles\/{roleId}\/give-permissions', [App\\Http\\Controllers\\RoleController::class, 'addPermissionToRole']);\r\n Route::put('roles\/{roleId}\/give-permissions', [App\\Http\\Controllers\\RoleController::class, 'givePermissionToRole']);\r\n\r\n Route::resource('users', App\\Http\\Controllers\\UserController::class);\r\n Route::get('users\/{userId}\/delete', [App\\Http\\Controllers\\UserController::class, 'destroy']);\r\n\r\n});<\/code><\/pre>\r\n10. Download controllers and views from here and paste into your projects<\/p>\r\n
https:\/\/github.com\/RizwanKMW\/laravel-permission<\/code><\/pre>\r\n11. create the seeder with the following command:<\/p>\r\n
php artisan db:seed --class=\"UserRolePermissionSeeder\"<\/code><\/pre>\r\n12. RUN THE BELOW COMMADND AND access http:\/\/abc.com\/roles<\/strong><\/p>\r\nphp artisan serve<\/code><\/pre>\r\n <\/p>\r\n
EXPLAINATION:<\/span><\/strong><\/p>\r\n1. HOW TO CREATE ROLES AND PERMISSIONS<\/span><\/strong><\/p>\r\n$role = \\Spatie\\Permission\\Models\\Role::create(['name' => 'manager']);\r\n$permission = \\Spatie\\Permission\\Models\\Permission::create(['name' => 'view users']);<\/code><\/pre>\r\n2. Assign permissions to created roles<\/strong><\/p>\r\n$roleis = \\Spatie\\Permission\\Models\\Role::findByName(\"manager\"); \/\/first find role\r\n$roleis->givePermissionTo(\"view users\"); \/\/then give permission by name\r\n$role->givePermissionTo($permission); \/\/or give created permission previously step\r\n\r\n$roleis->syncPermissions(['view user', 'delete user']); \/\/delete all old permissions and assign new ones<\/code><\/pre>\r\n3. Remove Roles and permissions<\/span><\/strong><\/p>\r\n$roleis->revokePermissionTo('delete user'); \/\/permission remove from role\r\n$permission->removeRole($role); \/\/remove role from permission<\/code><\/pre>\r\n4. ASSIGN ROLE TO USER<\/strong><\/p>\r\n$user = \\App\\Models\\User::find(7); \r\n\/***Add roles,not remove existing roles. ***\/\r\n$user->assignRole('manager');\r\n\/\/$user->assignRole(['admin', 'editor']); \r\n\r\n\/*** Remove all roles, and assign new one's ***\/\r\n$user->syncRoles(['admin', 'editor']);\r\n<\/code><\/pre>\r\n <\/p>\r\n
5. Setup routes to prevent user from access , only assigned role can access that routes<\/strong><\/p>\r\nRoute::group(['middleware' => ['role:super-admin|admin']], function() {\r\n \/\/only admin or super-admin can access these routes ie \r\n Route::resource('users', App\\Http\\Controllers\\UserController::class);\r\n});<\/code><\/pre>\r\n6. Prevent methods to unauthorized permissions<\/strong><\/p>\r\nif user has \"create posts\" <\/strong>permissions only He\/She can access create and store methods<\/strong>,<\/p>\r\npublic function __construct()\r\n {\r\n $this->middleware('permission:create posts', ['only' => ['create', 'store']]);\r\n }<\/code><\/pre>\r\n7. if user has Roles Inside controllerMethods<\/strong><\/p>\r\n$user = auth()->user(); \/\/ Get the authenticated user\r\n\r\nif ($user->hasRole('admin')) {\r\n echo \"admin\";\r\n}\r\n\r\n\/\/FOR MULTIPLE ROLES CHECK\r\n\r\nif ($user->hasAnyRole(['admin','user'])) {\r\n echo \"admin\";\r\n}\r\n\r\n\/\/ TRY TO use to prevnet error \"Call to a member function hasAnyRole() on null\"\r\nif(auth()->check() && auth()->user()->hasAnyRole(['admin'])){\r\n echo \" secured <3\";\r\n}\r\n<\/code><\/pre>\r\n8. Check permissions inside controller Method<\/strong><\/p>\r\nif ($user->can('delete posts')) {\r\n echo \"User can delete posts\";\r\n}\r\n##### multiple permissions check\r\nif ($user->can(['create posts', 'edit posts'])) { }<\/code><\/pre>\r\n9. IN VIEWS, check if role have permission<\/strong><\/p>\r\n@can('delete posts')\r\n <div class=\"xd\"><\/div>\r\n@endcan<\/code><\/pre>\r\n10 IN VIEWS, DISPLAY CURRENT ROLES<\/strong><\/p>\r\n@if (Auth::check())\r\n <p>Your Role: {{ Auth::user()->getRoleNames()->implode(', ') }}<\/p>\r\n@endif<\/code><\/pre>\r\n11. Show content if user have no permission<\/strong><\/p>\r\n@if(auth()->user()->cannot('view_payment_stats'))\r\n <p>I have no permission view_payment_stats, so I can see this, anyone that have this permission are not allowed to see this<\/p>\r\n@else\r\n <p>I have permission<\/p>\r\n@endif\r\n<\/code><\/pre>\r\nIf sometime roles not work try below commands<\/p>\r\n
php artisan cache:clear\r\nphp artisan config:clear\r\nphp artisan route:clear\r\nphp artisan view:clear\r\nphp artisan permission:cache-reset<\/code><\/pre>\r\n
https:\/\/www.fundaofwebit.com\/post\/laravel-10-spatie-user-roles-and-permissions-tutorial<\/p>","category_id":"2","is_private":"0","created_at":"2024-09-30T06:51:49.000000Z","updated_at":"2025-07-16T02:22:27.000000Z","category":{"id":2,"user_id":"1","name":"Laravel Core","slug":"laravel-nhyt","parent_id":"1","created_at":"2023-03-14T03:58:27.000000Z","updated_at":"2023-03-20T11:30:50.000000Z"},"user":{"id":1,"name":"R GONDAL","email":"rizikmw@gmail.com","email_verified_at":null,"two_factor_confirmed_at":null,"current_team_id":"1","profile_photo_path":null,"created_at":"2023-03-12T10:49:33.000000Z","updated_at":"2025-01-10T12:59:00.000000Z","profile_photo_url":"https:\/\/ui-avatars.com\/api\/?name=R+G&color=7F9CF5&background=EBF4FF"}},"pageDesc":"1. composer create-project laravel\/laravel example-app 2. setup mysql in .env file DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 - Laravel Roles, Permissions using Spatie (Updated: July 16, 2025) - Read more about Laravel Roles, Permissions using Spatie at my programming site [SITE]","categories":[]}