Featured
Guides

How To Implement Role-based Access Control (Rbac) In Laravel 12 Using Breeze And Spatie

Ronnie Jjuuko - July 31, 2025.
Advertisement

Introduction

In this step-by-step tutorial, you’ll learn how to implement Role-Based Access Control (RBAC) in Laravel 12 using two key tools:

  • Laravel Breeze: A lightweight starter kit for authentication (login, registration, password reset).
  • Spatie Laravel Permission: A powerful package for managing roles and permissions in Laravel applications.

By the end of this guide, you'll have a fully functional authentication and RBAC system in place for your Laravel 12 project.

Prerequisites

Before you begin, ensure your development environment meets these requirements:

  • PHP 8.1+
  • Composer
  • Node.js & npm
  • Basic understanding of Laravel and MVC

Step 1: Create a New Laravel 12 Project

Start by installing a fresh Laravel app:

composer create-project laravel/laravel laravel-spatie-auth

Step 2: Install Laravel Breeze (Auth Starter Kit)

Breeze provides simple Blade-based authentication scaffolding.

composer require laravel/breeze --dev
php artisan breeze:install

Choose the stack (e.g., Blade with Alpine) when prompted.

Then install frontend dependencies and compile assets:

npm install
npm run dev

Configure your database in .env:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_db
DB_USERNAME=root
DB_PASSWORD=

Run migrations:

php artisan migrate

Laravel may prompt to auto-create the database if it doesn’t exist.

Start the dev server:

php artisan serve

Visit http://localhost:8000 to test the authentication.

Step 3: Install Spatie Laravel Permission Package

Install the package via Composer:

composer require spatie/laravel-permission

Step 4: Publish Spatie Config and Migrations

Publish the necessary files:

php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"

This generates:

  • config/permission.php
  • Migrations for roles, permissions, and model relationships

Step 5: Run Migrations for Roles and Permissions

Apply the new database tables:

php artisan migrate

Step 6: Add HasRoles Trait to User Model

In app/Models/User.php, include:

use Spatie\Permission\Traits\HasRoles;

class User extends Authenticatable
{
   use HasRoles;

   // ...
}

This enables role and permission methods on the User model.

Step 7: Create a Seeder for Roles and Permissions

Generate a seeder:

php artisan make:seeder RolePermissionSeeder

Edit database/seeders/RolePermissionSeeder.php:

<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

class RolePermissionSeeder extends Seeder
{
   public function run()
   {
       app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();

       // Create permissions
       Permission::create(['name' => 'view posts']);
       Permission::create(['name' => 'create posts']);
       Permission::create(['name' => 'edit posts']);
       Permission::create(['name' => 'delete posts']);

       // Create roles and assign permissions
       $admin = Role::create(['name' => 'admin']);
       $editor = Role::create(['name' => 'editor']);
       $viewer = Role::create(['name' => 'viewer']);

       $admin->givePermissionTo(Permission::all());
       $editor->givePermissionTo(['view posts', 'create posts', 'edit posts']);
       $viewer->givePermissionTo(['view posts']);
   }
}

Step 8: Seed the Database

Run the seeder:

php artisan db:seed --class=RolePermissionSeeder

Step 9: Assign Roles to Users

Use Tinker or a controller to assign roles:

php artisan tinker

$user = \App\Models\User::find(1);
$user->assignRole('admin');

The roles table includes:

  • id, name, guard_name, created_at, updated_at

Step 10: Use Blade Directives for Role and Permission Checks

In resources/views/dashboard.blade.php, add:

@php
   $role = auth()->user()->getRoleNames()->first();
@endphp

@if($role)
   <p class="mt-4">
       You're logged in as <strong class="text-green-600">{{ ucfirst($role) }}</strong>!
   </p>
@else
   <p class="mt-4 text-red-600">
       You're logged in but no role has been assigned.
   </p>
@endif

You can also use built-in Blade directives like:

@role('admin')
   <p>Only visible to admin.</p>
@endrole

@can('edit posts')
   <p>You can edit posts.</p>
@endcan

Step 11: (Optional) Clear Role/Permission Cache

After changes to roles or permissions:

php artisan permission:cache-reset

Final Thoughts

Congratulations! You've successfully implemented:

  • Laravel Breeze Authentication
  • Role-Based Access Control (RBAC) using Spatie
  • Role and permission seeding
  • UI-level and route-level access control

This setup is a strong, scalable foundation for any Laravel 12 application that requires secure, flexible access control.

Comments (0)

No comments on this Post yet. Be the first to comment.

Please Login or Create an account to leave a comment.

Read Also

Our Website uses cookies and similar technologies to remember your preferences and analyze site usage.
By continuing to browse, you consent to our use of cookies as described in our Privacy Policy.

Learn More