For a web application, it’s necessary to have and manage many different roles and permissions. They help us to define what are the responsibilities and capabilities of each of our employees.

It’s important to define our user roles and assign responsibilities to each of our employees because they make our website more secure.

In this tutorial, you are going to learn how to create and manage roles and permissions in Laravel using the Spatie package with examples. I hope you’ve already installed a Laravel project and authentication. Then you are good to go.

Let’s install the Spatie with the following command in our project. This package will work fine with Laravel 6 or higher.

composer require spatie/laravel-permission

After installing the package we have to register the service provider. Generally, the service provider will automatically get registered. If it isn’t, we’ve to add manually the service provider in the config/app.php file:

'providers' => [
    Spatie\Permission\PermissionServiceProvider::class,
];

Now we’ve to publish the migrations with the following command-

php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"

It will automatically create the CreatePermissionTables in the migrations folder of our project. We don’t need to change anything about it. We have to just migrate it to our database with the following command-

php artisan migrate

After the migrations, there will be five new tables included in our database named permissions, roles, model_has_permissions, model_has_roles, and role_has_permissions. Now we have to include the HasRoles in our user model.

User model:

use Spatie\Permission\Traits\HasRoles;

Controller:

Now, that everything is set, let’s create our first role. But before doing that, inside of our controller, we have to assign the roles and permissions. Like this-

In this example, our controller name is HomeController.

Creating a new role:

Role::create(['name' => 'writer']);

From our package model, we have to call the Role, and inside of the create function, we have to define the same of our role. Now. refresh the application and let’s check the roles table in our database.

As you can see, in our roles table the writer role is created. In the same way, we can also create permission. Let’s do that-

Creating new permission:

Permission::create(['name' => 'edit articles']);

Inside the permissions table, the new permission is created.

Now, there is a new role, and permission is created, let’s assign the edit articles permission to the writer role.

Assign permission to the role:

$role= Role::findById(1);
$permission= Permission::findById(1);
$role->givePermissionTo($permission);

We’ve to find that which permission we want to give to which role. Then if we refresh the page, inside of our role_has_permissions table the role is given permission.

Multiple permissions also can be assigned to a role using this method:

$role->syncPermissions($permissions);

Assign role to permission:

Let’s think, we want to assign new permission to the writer role. How can we do it? At first, we have to create a new permission.

Permission::create(['name' => 'write articles']);

Now we have new permission named write articles.

Let’s assign the role to the new permission-

$permission= Permission::findById(4);
$role= Role::findById(1);
$permission->assignRole($role);

As you can see, the new permission to write articles is assigned to role 1 which is the writer.

Multiple permissions can be synced to a role using this method:

$permission->syncRoles($roles);

Remove role from permission:

We can also remove a role from permission. First, we have to define which role we want to remove from which permission, and with the removeRole() function, we can do it.

$permission= Permission::findById(4);
$role= Role::findById(1);
$permission->removeRole($role);

OUTPUT:

If we check our database, we can see that the role is removed from permission id 4.

Remove permission from a role:

Now let’s remove the permission from the role. In this case, we have to use the revokePermissionTo() function. At this moment, we have one permission assigned to one role in our database. Let’s remove that-

$role= Role::findById(1);
$permission= Permission::findById(1);
$role->revokePermissionTo($permission);

OUTPUT:

In this way, you can easily assign and manage roles and permissions in Laravel. There are many ways available for that, but it is one of the most used ways for roles and permissions.

You can also manually set up your roles and permissions. But using Spatie it is easy to maintain our code. If you want to know more about the Spatie package you can visit the official website of Spatie. Thank you.