ACL implementation in Laravel 9 and 10

Support to laravel 9 and 10

Using users, roles, permissions, trait, middleware, provider, etc

How to works?

User 'super' has access to all tables and can do everything in each one. User 'admin' only has access to the permissions, roles and users tables and can do everything with them. User 'manager' only has access to the customer table and can do everything with it. The 'user' user has access only to the clients' index view.

Log in with each user to try it out.

Tested with

  • Windows 7 and 10
  • Linux Mint 20 and 21

News in version 2.0

Now we have two areas, public and administrative. When entering the root of the application, you will be able to access the list of clients and the show. After login you will have rights according to the user.

Create a new app named 'acl' in laravel 9

If you have laravel installer, use:

laravel new acl --jet --teams --stack=livewire
cd acl
npm install && npm run dev

If not, for laravel 10:

composer create-project --prefer-dist laravel/laravel acl

For laravel 9:

composer create-project --prefer-dist laravel/laravel acl "9.5.2"

cd acl
composer require laravel/jetstream
php artisan jetstream:install livewire
npm install && npm run dev

Create and configure the database

nano .env

Install the laravel-acl

composer require ribafs/laravel-acl


php artisan vendor:publish --provider="Ribafs\LaravelAcl\LaravelAclServiceProvider"

Copy some existing files

  • DatabaseSeeder.php
  • routes/web.php
  • views/welcome.blade.php
  • views/layouts/app.blade.php

Copy files

php artisan copy:files

Now all package files are already in your application: migrations, seeders, Models, middleware, provider, etc

Adjust app title (optional)

Edit the .env and change the line with APP_NAME, to something like: APP_NAME='ACL to Laravel 9'


After adding your CRUD, run and test the ACL on your application's access control.

php artisan migrate --seed
php artisan serve

If you receive the error

Use to test:

Then test with the others: admin, manager and user


This package is intended for new applications. Avoid using it in existing applications as it may overwrite some files.

Documentation in more detail

The information above and much more information on how to get the most out of this package (English only for now):

How to creating a demo app with ribafs/laravel-acl

Create a permission that no user has (example)


php artisan add:perm 'No perms' all-no 

And assign to all views I don't want access to


On actions

    public function create(Request $request)
        if ($request->user()->can('all-no')) {
            return view('admin.clients.create');
            print '<a href="#" onClick="window.history.back();">Back to app</a>';
            return '<h3 align="center">Access denied in this demo</h3>';

Restrict actions to only those that have all-no permission, which no user has.

So you don't need to change the views.

