Dev Duniya
Mar 19, 2025
Laravel is one of the most popular PHP frameworks, known for its elegant syntax and robust features. Among these features is its ability to handle user authentication and authorization seamlessly. When building applications with multiple user types—such as admins, editors, or regular users—managing roles and permissions becomes essential.
In this guide, we’ll explore how to set up roles and permissions in Laravel 12 using the popular spatie/laravel-permission package. By the end, you’ll have a fully functional role-based access control (RBAC) system.
composer create-project laravel/laravel my-app "12.*")The spatie/laravel-permission package is a widely-used solution for managing roles and permissions in Laravel. It provides an intuitive API to assign roles to users and define permissions for specific actions.
composer require spatie/laravel-permissionAfter installation, publish the package’s configuration and migration files:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"This will create a config/permission.php file and migration files in the database/migrations directory.
php artisan migrateThe package adds tables for roles, permissions, and their relationships with users. You should now see the following tables in your database:
roles: Stores role names (e.g., "admin", "editor").permissions: Stores permission names (e.g., "edit posts", "delete users").model_has_roles: Pivot table linking users (or other models) to roles.model_has_permissions: Pivot table linking users to specific permissions.role_has_permissions: Pivot table linking roles to permissions.To use roles and permissions with your User model, add the HasRoles trait provided by the package. Open app/Models/User.php and update it as follows:
namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable
{
use HasRoles;
protected $fillable = [
'name', 'email', 'password',
];
protected $hidden = [
'password', 'remember_token',
];
}Now, let’s define some roles and permissions. You can do this programmatically (e.g., in a seeder) or via a controller. For this guide, we’ll use a database seeder.
php artisan make:seeder RolePermissionSeederOpen database/seeders/RolePermissionSeeder.php and add the following code:
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;
class RolePermissionSeeder extends Seeder
{
public function run()
{
// Create Permissions
Permission::create(['name' => 'create posts']);
Permission::create(['name' => 'edit posts']);
Permission::create(['name' => 'delete posts']);
Permission::create(['name' => 'manage users']);
// Create Roles and Assign Permissions
$adminRole = Role::create(['name' => 'admin']);
$editorRole = Role::create(['name' => 'editor']);
$userRole = Role::create(['name' => 'user']);
// Assign Permissions to Roles
$adminRole->givePermissionTo(['create posts', 'edit posts', 'delete posts', 'manage users']);
$editorRole->givePermissionTo(['create posts', 'edit posts']);
$userRole->givePermissionTo('create posts');
}
}php artisan db:seed --class=RolePermissionSeederSetting up roles and permissions in Laravel 12 with the spatie/laravel-permission package is straightforward and powerful. By following this guide, you’ve learned how to install the package, define roles and permissions, assign them to users, protect routes, and check authorization in your application.
Whether you’re building a simple blog or a complex enterprise system, this RBAC setup will help you manage access efficiently. Happy coding! 🚀