laravel-permission-model-attributes maintained by curly-deni
Laravel Permission Model Attributes
Laravel Permission Model Attributes adds permission-aware properties to your Eloquent models using native Laravel authorization. It provides a convenient way to check and expose model-level permissions through dynamic attributes like updatable and deletable, based on policies or internal rules.
✨ Features
- ✅ Adds
updatableanddeletablemodel attributes - 🧠 Static permission checks:
create,read,update,delete - 🔐 Seamless integration with Laravel’s native authorization system (policies)
- ⚡ Attribute caching for performance
- 🧩 Optional interface for strict typing
📦 Installation
Install via Composer:
composer require curly-deni/laravel-permission-model-attributes
Publish the config file:
php artisan vendor:publish --tag="permission-model-attributes-config"
⚙️ Configuration
return [
'create' => true,
'update' => true,
'delete' => true,
'read' => false,
];
Each flag enables permission checks for the corresponding action:
| Key | Description |
|---|---|
| create | Enables permission check via create() policy method |
| read | Enables permission check via read() policy method |
| update | Enables permission check via update() policy method |
| delete | Enables permission check via delete() policy method |
✅ Only the enabled actions will be checked. If disabled, permission checks are skipped entirely.
🛡 Policy Integration
The package automatically uses Laravel’s policy system. You must define policy methods only for the enabled actions.
✏ Define Policy Methods
class PostPolicy
{
public function create(User $user)
{
return $user->hasPermission('create-posts');
}
public function update(User $user, Post $post)
{
return $user->id === $post->user_id;
}
public function delete(User $user, Post $post)
{
return $user->id === $post->user_id;
}
public function read(User $user)
{
return $user->hasPermission('read-posts');
}
}
⚠️ Note: The
read()method accepts only theUserobject — no model instance is passed.
🚀 Usage
1. Add the Trait
use Aesis\PermissionModelAttributes\Traits\HasPermissionAttributes;
class Post extends Model
{
use HasPermissionAttributes;
}
2. (Optional) Implement the Interface
use Aesis\PermissionModelAttributes\Contracts\PermissionAttributes;
class Post extends Model implements PermissionAttributes
{
use HasPermissionAttributes;
}
3. Access in Code
$post = Post::find(1);
if ($post->updatable) {
// show edit button
}
if (Post::isCreatableStatic()) {
// show "New" button
}
📘 Trait Reference
| Method / Attribute | Type | Description |
|---|---|---|
updatable |
Attribute (bool) | Returns true if the model can be updated |
deletable |
Attribute (bool) | Returns true if the model can be deleted |
isUpdatable() |
Method | Instance-level permission check for update |
isDeletable() |
Method | Instance-level permission check for delete |
isCreatableStatic() |
Static | Class-level permission check for create |
isReadableStatic() |
Static | Class-level permission check for read |
isUpdatableStatic() |
Static | Class-level permission check for update |
isDeletableStatic() |
Static | Class-level permission check for delete |
👤 Author
📝 License
This package is open-sourced software licensed under the MIT license.