Nova Permissions


Permissions Based Authorization Package for Laravel Nova

Community Laravel
Visit Site

Laravel Nova Grouped Permissions (ACL)

Most web applications that have an account or admin area typically require some kind of access-control which is commonly handled through the use of Roles and Permissions.

The Laravel framework has provided a convenient way to handle Authorization in the form of Gates and Policies that allow for fine-grained control over determining who and what can be accessed.

I wanted to create an easy, accessible way to assign permissions to users in Laravel Nova without needing to learn anything new outside of how to work with standard Laravel Gates and Policies.

Nova Permissions is an opinionated authorization package that adds full-featured access control to your Laravel Nova application. It provides Users with Roles that are granted access to permissions through Laravel Gates. It also allows you to group your permissions into groups. 🚀

It differs from other authorization packages by using hard-coded permissions defined within gate policies, rather than duplicating them within the database. Roles are defined in the database whereas permissions are defined in the codebase.



This Package is inspired by Silvanite\Brandenburg as it has clear separation of concerns.

Typically, other packages would suggest validating the user based on roles and permissions.

// The code expects you to have the editor role in your database

if ($user->role === 'editor') {
    // grant access

The problem with this approach is that it assumes that you created the editor role in your database because your source-code relies on it. It also means that if you create a new role or permission in your code, you have to create a new database entry to match this new role or permission.

Brandenburg uses Policies defined in the source only and does not require these to be duplicated in the database. Instead, these permissions are assigned to Roles in the database, but the validation is done purely on permissions, not the Roles itself, meaning that your source-code does not rely on you creating specific data in your DB.

// The "create articles" permissions exists in code only

if ($user->hasPermissionTo('create articles')) {
    // grant access

You can read more about this package here.

If you like this project, show some love by starring the repo. ⭐❤