Using a middleware | laravel-permission | Spatie SPATIE Laravel Permission ===================== spatie.be/open-source [Docs](https://spatie.be/docs) [Laravel-permission](https://spatie.be/docs/laravel-permission/v4) Basic-usage Using a middleware Version v7 v6 v5 v4 v3 Other versions for crawler [v7](https://spatie.be/docs/laravel-permission/v7) [v6](https://spatie.be/docs/laravel-permission/v6) [v5](https://spatie.be/docs/laravel-permission/v5) [v4](https://spatie.be/docs/laravel-permission/v4) [v3](https://spatie.be/docs/laravel-permission/v3) - [ Introduction ](https://spatie.be/docs/laravel-permission/v4/introduction) - [ Support us ](https://spatie.be/docs/laravel-permission/v4/support-us) - [ Prerequisites ](https://spatie.be/docs/laravel-permission/v4/prerequisites) - [ Installation in Laravel ](https://spatie.be/docs/laravel-permission/v4/installation-laravel) - [ Installation in Lumen ](https://spatie.be/docs/laravel-permission/v4/installation-lumen) - [ Upgrading ](https://spatie.be/docs/laravel-permission/v4/upgrading) - [ Questions and issues ](https://spatie.be/docs/laravel-permission/v4/questions-issues) - [ Changelog ](https://spatie.be/docs/laravel-permission/v4/changelog) - [ About us ](https://spatie.be/docs/laravel-permission/v4/about-us) Basic Usage ----------- - [ Basic Usage ](https://spatie.be/docs/laravel-permission/v4/basic-usage/basic-usage) - [ Direct Permissions ](https://spatie.be/docs/laravel-permission/v4/basic-usage/direct-permissions) - [ Using Permissions via Roles ](https://spatie.be/docs/laravel-permission/v4/basic-usage/role-permissions) - [ Wildcard permissions ](https://spatie.be/docs/laravel-permission/v4/basic-usage/wildcard-permissions) - [ Blade directives ](https://spatie.be/docs/laravel-permission/v4/basic-usage/blade-directives) - [ Defining a Super-Admin ](https://spatie.be/docs/laravel-permission/v4/basic-usage/super-admin) - [ Using multiple guards ](https://spatie.be/docs/laravel-permission/v4/basic-usage/multiple-guards) - [ Using artisan commands ](https://spatie.be/docs/laravel-permission/v4/basic-usage/artisan) - [ Using a middleware ](https://spatie.be/docs/laravel-permission/v4/basic-usage/middleware) - [ Example App ](https://spatie.be/docs/laravel-permission/v4/basic-usage/new-app) Best Practices -------------- - [ Roles vs Permissions ](https://spatie.be/docs/laravel-permission/v4/best-practices/roles-vs-permissions) - [ Model Policies ](https://spatie.be/docs/laravel-permission/v4/best-practices/using-policies) - [ Performance Tips ](https://spatie.be/docs/laravel-permission/v4/best-practices/performance) Advanced usage -------------- - [ Testing ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/testing) - [ Database Seeding ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/seeding) - [ Exceptions ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/exceptions) - [ Extending ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/extending) - [ Cache ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/cache) - [ UUID ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/uuid) - [ PhpStorm Interaction ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/phpstorm) - [ Other ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/other) - [ Timestamps ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/timestamps) - [ UI Options ](https://spatie.be/docs/laravel-permission/v4/advanced-usage/ui-options) You are viewing the documentation for **an older version** of this package. You can check the version you are using with the following command: ` composer show spatie/laravel-permission ` Using a middleware ================== ### On this page 1. [ Default Middleware ](#content-default-middleware) 2. [ Package Middleware ](#content-package-middleware) Default Middleware -------------------------------------------------------------------------------------------------------------- For checking against a single permission (see Best Practices) using `can`, you can use the built-in Laravel middleware provided by `\Illuminate\Auth\Middleware\Authorize::class` like this: ``` Route::group(['middleware' => ['can:publish articles']], function () { // }); ``` Package Middleware -------------------------------------------------------------------------------------------------------------- This package comes with `RoleMiddleware`, `PermissionMiddleware` and `RoleOrPermissionMiddleware` middleware. You can add them inside your `app/Http/Kernel.php` file. ``` protected $routeMiddleware = [ // ... 'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class, 'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class, 'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class, ]; ``` Then you can protect your routes using middleware rules: ``` Route::group(['middleware' => ['role:super-admin']], function () { // }); Route::group(['middleware' => ['permission:publish articles']], function () { // }); Route::group(['middleware' => ['role:super-admin','permission:publish articles']], function () { // }); Route::group(['middleware' => ['role_or_permission:super-admin|edit articles']], function () { // }); Route::group(['middleware' => ['role_or_permission:publish articles']], function () { // }); ``` Alternatively, you can separate multiple roles or permission with a `|` (pipe) character: ``` Route::group(['middleware' => ['role:super-admin|writer']], function () { // }); Route::group(['middleware' => ['permission:publish articles|edit articles']], function () { // }); Route::group(['middleware' => ['role_or_permission:super-admin|edit articles']], function () { // }); ``` You can protect your controllers similarly, by setting desired middleware in the constructor: ``` public function __construct() { $this->middleware(['role:super-admin','permission:publish articles|edit articles']); } ``` ``` public function __construct() { $this->middleware(['role_or_permission:super-admin|edit articles']); } ```