laravel-permission_skill

This skill helps you implement Laravel RBAC using Spatie permissions, enabling secure routes, blade directives, and multi-tenant team contexts.
  • TypeScript

2

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill fusengine/agents --skill laravel-permission

  • SKILL.md9.0 KB

Overview

This skill integrates Spatie Laravel Permission into Laravel projects to provide full role-based access control (RBAC) including roles, permissions, middleware, Blade directives, teams, wildcards, and super-admin bypass. It covers API guard support, testing patterns, cache management, and common code templates for seeding and middleware. Use it to standardize authorization across web and API surfaces and to simplify multi-tenant permission scoping.

How this skill works

The skill inspects existing authorization patterns, seeds roles and permissions, and wires HasRoles into your User model. It adds middleware and Blade directives for route and UI protection, supports team-scoped permissions and wildcard hierarchies, and suggests a Gate::before super-admin bypass. It enforces cache reset and test setup steps so permission changes are consistent in dev, CI, and runtime.

When to use it

  • Implementing role-based access control for web or API endpoints
  • Scoping permissions per team or tenant in multi-tenant apps
  • Protecting routes and Blade views with middleware and directives
  • Adding wildcard or hierarchical permissions for granular access
  • Integrating permissions into API guards (Sanctum/Passport) and policies

Best practices

  • Seed roles and permissions in DatabaseSeeder and keep naming in kebab-case (e.g., edit-articles)
  • Reset permission cache after changes: php artisan permission:cache-reset and in test setup forgetCachedPermissions()
  • Avoid hardcoding role logic in controllers; use middleware and policies for separation of concerns
  • Set the team context early in the request lifecycle for multi-tenant behavior
  • Explicitly specify guard names for API routes (permission:edit,api) and use JSON-friendly exception handlers

Example use cases

  • Protect admin routes with Route::middleware(['role:admin'])->group(...) and Blade @role directives
  • Seed a set of hierarchical permissions like articles.* and attach to a writer role
  • Implement a Gate::before rule to grant Super-Admin full access without individual permissions
  • Scope permissions per team using setPermissionsTeamId($team->id) and team middleware
  • Run permission cache reset in CI deploy scripts and clear cached permissions in test beforeEach

FAQ

Update seeders or use migrations and run php artisan permission:cache-reset during your deploy to refresh caches safely.

Can I use the same permissions for web and API?

Yes; explicitly pass the API guard when needed (e.g., permission:edit,api) and ensure your auth middleware (Sanctum/Passport) is configured.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
laravel-permission skill by fusengine/agents | VeilStrat