Introduction
In this step-by-step tutorial, you’ll learn how to implement Role-Based Access Control (RBAC) in Laravel 12 using two key tools:
- Laravel Breeze: A lightweight starter kit for authentication (login, registration, password reset).
- Spatie Laravel Permission: A powerful package for managing roles and permissions in Laravel applications.
By the end of this guide, you'll have a fully functional authentication and RBAC system in place for your Laravel 12 project.
Prerequisites
Before you begin, ensure your development environment meets these requirements:
- PHP 8.1+
- Composer
- Node.js & npm
- Basic understanding of Laravel and MVC
Step 1: Create a New Laravel 12 Project
composer create-project laravel/laravel laravel-spatie-authStep 2: Install Laravel Breeze (Auth Starter Kit)
composer require laravel/breeze --dev
php artisan breeze:installChoose the stack (e.g., Blade with Alpine) when prompted.
npm install
npm run devConfigure your database in .env:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_db
DB_USERNAME=root
DB_PASSWORD=php artisan migrate
php artisan serveVisit http://localhost:8000 to test authentication.
Step 3: Install Spatie Laravel Permission Package
composer require spatie/laravel-permissionStep 4: Publish Spatie Config and Migrations
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"Step 5: Run Migrations for Roles and Permissions
php artisan migrateStep 6: Add HasRoles Trait to User Model
<?php
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable {
use HasRoles;
// ...
}Step 7: Create a Seeder for Roles and Permissions
php artisan make:seeder RolePermissionSeeder<?php
namespace Database\Seeders;
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;
class RolePermissionSeeder extends Seeder {
public function run() {
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
// Create permissions
Permission::create(['name' => 'view posts']);
Permission::create(['name' => 'create posts']);
Permission::create(['name' => 'edit posts']);
Permission::create(['name' => 'delete posts']);
// Create roles and assign permissions
$admin = Role::create(['name' => 'admin']);
$editor = Role::create(['name' => 'editor']);
$viewer = Role::create(['name' => 'viewer']);
$admin->givePermissionTo(Permission::all());
$editor->givePermissionTo(['view posts', 'create posts', 'edit posts']);
$viewer->givePermissionTo(['view posts']);
}
}Step 8: Seed the Database
php artisan db:seed --class=RolePermissionSeederStep 9: Assign Roles to Users
php artisan tinker
$user = \App\Models\User::find(1);
$user->assignRole('admin');Step 10: Use Blade Directives for Role and Permission Checks
@php
$role = auth()->user()->getRoleNames()->first();
@endphp
@if($role)
<p class="mt-4">
You're logged in as <strong class="text-green-600">{{ ucfirst($role) }}</strong>!
</p>
@else
<p class="mt-4 text-red-600">
You're logged in but no role has been assigned.
</p>
@endif
@role('admin')
<p>Only visible to admin.</p>
@endrole
@can('edit posts')
<p>You can edit posts.</p>
@endcanStep 11: (Optional) Clear Role/Permission Cache
php artisan permission:cache-resetFinal Thoughts
Congratulations! You've successfully implemented:
- Laravel Breeze Authentication
- Role-Based Access Control (RBAC) using Spatie
- Role and permission seeding
- UI-level and route-level access control
This setup is a strong, scalable foundation for any Laravel 12 application that requires secure, flexible access control.