Introduction
In this step-by-step tutorial, you’ll learn how to implement Role-Based Access Control (RBAC) in Laravel 12 using two key tools:
- Laravel Breeze: A lightweight starter kit for authentication (login, registration, password reset).
- Spatie Laravel Permission: A powerful package for managing roles and permissions in Laravel applications.
By the end of this guide, you'll have a fully functional authentication and RBAC system in place for your Laravel 12 project.
Prerequisites
Before you begin, ensure your development environment meets these requirements:
- PHP 8.1+
- Composer
- Node.js & npm
- Basic understanding of Laravel and MVC
Step 1: Create a New Laravel 12 Project
Start by installing a fresh Laravel app:
composer create-project laravel/laravel laravel-spatie-auth
Step 2: Install Laravel Breeze (Auth Starter Kit)
Breeze provides simple Blade-based authentication scaffolding.
composer require laravel/breeze --dev
php artisan breeze:install
Choose the stack (e.g., Blade with Alpine) when prompted.
Then install frontend dependencies and compile assets:
npm install
npm run dev
Configure your database in .env (the root user with an empty password is suitable only for a local development database):
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_db
DB_USERNAME=root
DB_PASSWORD=
Run migrations:
php artisan migrate
Laravel may prompt to auto-create the database if it doesn’t exist.
Start the dev server:
php artisan serve
Visit http://localhost:8000 to test the authentication.
Step 3: Install Spatie Laravel Permission Package
Install the package via Composer:
composer require spatie/laravel-permission
Step 4: Publish Spatie Config and Migrations
Publish the necessary files:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
This generates:
- config/permission.php
- Migrations for roles, permissions, and model relationships
Step 5: Run Migrations for Roles and Permissions
Apply the new database tables:
php artisan migrate
Step 6: Add HasRoles Trait to User Model
In app/Models/User.php, include:
use Spatie\Permission\Traits\HasRoles;

class User extends Authenticatable
{
    use HasRoles;

    // ...
}
This enables role and permission methods on the User model.
Step 7: Create a Seeder for Roles and Permissions
Generate a seeder:
php artisan make:seeder RolePermissionSeeder
Edit database/seeders/RolePermissionSeeder.php:
<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

class RolePermissionSeeder extends Seeder
{
    public function run()
    {
        app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();

        // Create permissions
        Permission::create(['name' => 'view posts']);
        Permission::create(['name' => 'create posts']);
        Permission::create(['name' => 'edit posts']);
        Permission::create(['name' => 'delete posts']);

        // Create roles and assign permissions
        $admin = Role::create(['name' => 'admin']);
        $editor = Role::create(['name' => 'editor']);
        $viewer = Role::create(['name' => 'viewer']);

        $admin->givePermissionTo(Permission::all());
        $editor->givePermissionTo(['view posts', 'create posts', 'edit posts']);
        $viewer->givePermissionTo(['view posts']);
    }
}
Step 8: Seed the Database
Run the seeder:
php artisan db:seed --class=RolePermissionSeeder
Step 9: Assign Roles to Users
Use Tinker or a controller to assign roles:
php artisan tinker
$user = \App\Models\User::find(1);
$user->assignRole('admin');
The roles table includes:
- id, name, guard_name, created_at, updated_at
Step 10: Use Blade Directives for Role and Permission Checks
In resources/views/dashboard.blade.php, add:
@php
    $role = auth()->user()->getRoleNames()->first();
@endphp

@if($role)
    <p class="mt-4">
        You're logged in as <strong class="text-green-600">{{ ucfirst($role) }}</strong>!
    </p>
@else
    <p class="mt-4 text-red-600">
        You're logged in but no role has been assigned.
    </p>
@endif
You can also use built-in Blade directives like:
@role('admin')
    <p>Only visible to admin.</p>
@endrole

@can('edit posts')
    <p>You can edit posts.</p>
@endcan
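Blade directives such as @role and @can only decide what is rendered; the request itself still has to be authorized on the server. As an added example (not part of the original tutorial), the routes/web.php content below enforces the permissions seeded in Step 7 at the route level. The route paths and closure bodies are hypothetical, and the middleware namespace assumes spatie/laravel-permission v6.

```php
<?php
// routes/web.php -- added example; Breeze's own routes are omitted here.
// Paths and closure bodies are hypothetical placeholders.

use Illuminate\Support\Facades\Route;
// Assumption: spatie/laravel-permission v6, where the middleware classes
// live in the "Middleware" namespace.
use Spatie\Permission\Middleware\RoleMiddleware;

// Everything in this group requires a logged-in user.
Route::middleware('auth')->group(function () {
    // Spatie registers its permissions with Laravel's Gate, so the built-in
    // "can" middleware checks them. A user without the permission gets a
    // 403 response regardless of what the Blade view showed or hid.
    Route::get('/posts', fn () => 'post list')
        ->middleware('can:view posts');

    Route::post('/posts', fn () => 'post created')
        ->middleware('can:create posts');

    Route::put('/posts/{post}', fn (string $post) => "post {$post} updated")
        ->middleware('can:edit posts');

    Route::delete('/posts/{post}', fn (string $post) => "post {$post} deleted")
        ->middleware('can:delete posts');

    // Role check. Referencing the middleware class directly means no alias
    // has to be registered in bootstrap/app.php.
    Route::get('/admin', fn () => 'admin area')
        ->middleware(RoleMiddleware::class . ':admin');
});
```

With the roles from Step 7, a viewer can load /posts but receives a 403 on the POST, PUT and DELETE routes and on /admin.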
Step 11: (Optional) Clear Role/Permission Cache
After changes to roles or permissions:
php artisan permission:cache-reset
Final Thoughts
Congratulations! You've successfully implemented:
- Laravel Breeze Authentication
- Role-Based Access Control (RBAC) using Spatie
- Role and permission seeding
- UI-level and route-level access control
This setup is a strong, scalable foundation for any Laravel 12 application that requires secure, flexible access control.