Using multiple guards | laravel-permission | Spatie

 SPATIE

  Laravel Permission
=====================

spatie.be/open-source

  [Docs](https://spatie.be/docs)  [Laravel-permission](https://spatie.be/docs/laravel-permission/v5)  Basic-usage  Using multiple guards

 Version   v7   v6   v5   v4   v3

 Other versions for crawler [v7](https://spatie.be/docs/laravel-permission/v7) [v6](https://spatie.be/docs/laravel-permission/v6) [v5](https://spatie.be/docs/laravel-permission/v5) [v4](https://spatie.be/docs/laravel-permission/v4) [v3](https://spatie.be/docs/laravel-permission/v3)

- [ Introduction ](https://spatie.be/docs/laravel-permission/v5/introduction)
- [ Support us ](https://spatie.be/docs/laravel-permission/v5/support-us)
- [ Prerequisites ](https://spatie.be/docs/laravel-permission/v5/prerequisites)
- [ Installation in Laravel ](https://spatie.be/docs/laravel-permission/v5/installation-laravel)
- [ Installation in Lumen ](https://spatie.be/docs/laravel-permission/v5/installation-lumen)
- [ Upgrading ](https://spatie.be/docs/laravel-permission/v5/upgrading)
- [ Questions and issues ](https://spatie.be/docs/laravel-permission/v5/questions-issues)
- [ Changelog ](https://spatie.be/docs/laravel-permission/v5/changelog)
- [ About us ](https://spatie.be/docs/laravel-permission/v5/about-us)

Basic Usage
-----------

- [ Basic Usage ](https://spatie.be/docs/laravel-permission/v5/basic-usage/basic-usage)
- [ Direct Permissions ](https://spatie.be/docs/laravel-permission/v5/basic-usage/direct-permissions)
- [ Using Permissions via Roles ](https://spatie.be/docs/laravel-permission/v5/basic-usage/role-permissions)
- [ Enums ](https://spatie.be/docs/laravel-permission/v5/basic-usage/enums)
- [ Teams permissions ](https://spatie.be/docs/laravel-permission/v5/basic-usage/teams-permissions)
- [ Wildcard permissions ](https://spatie.be/docs/laravel-permission/v5/basic-usage/wildcard-permissions)
- [ Blade directives ](https://spatie.be/docs/laravel-permission/v5/basic-usage/blade-directives)
- [ Using a middleware ](https://spatie.be/docs/laravel-permission/v5/basic-usage/middleware)
- [ Defining a Super-Admin ](https://spatie.be/docs/laravel-permission/v5/basic-usage/super-admin)
- [ Using multiple guards ](https://spatie.be/docs/laravel-permission/v5/basic-usage/multiple-guards)
- [ Using artisan commands ](https://spatie.be/docs/laravel-permission/v5/basic-usage/artisan)
- [ Example App ](https://spatie.be/docs/laravel-permission/v5/basic-usage/new-app)

Best Practices
--------------

- [ Roles vs Permissions ](https://spatie.be/docs/laravel-permission/v5/best-practices/roles-vs-permissions)
- [ Model Policies ](https://spatie.be/docs/laravel-permission/v5/best-practices/using-policies)
- [ Performance Tips ](https://spatie.be/docs/laravel-permission/v5/best-practices/performance)

Advanced usage
--------------

- [ Testing ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/testing)
- [ Database Seeding ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/seeding)
- [ Exceptions ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/exceptions)
- [ Extending ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/extending)
- [ Cache ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/cache)
- [ Custom Permission Check ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/custom-permission-check)
- [ UUID ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/uuid)
- [ PhpStorm Interaction ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/phpstorm)
- [ Other ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/other)
- [ Timestamps ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/timestamps)
- [ UI Options ](https://spatie.be/docs/laravel-permission/v5/advanced-usage/ui-options)

      You are viewing the documentation for **an older version** of this package. You can check the version you are using with the following command:

 `                                    composer show spatie/laravel-permission                                                                                                                                                                                                                                    `

Using multiple guards
=====================

###  On this page

1. [ The Downside To Multiple Guards ](#content-the-downside-to-multiple-guards)
2. [ Forcing Use Of A Single Guard ](#content-forcing-use-of-a-single-guard)
3. [ Using permissions and roles with multiple guards ](#content-using-permissions-and-roles-with-multiple-guards)
4. [ Assigning permissions and roles to guard users ](#content-assigning-permissions-and-roles-to-guard-users)
5. [ Using blade directives with multiple guards ](#content-using-blade-directives-with-multiple-guards)

When using the default Laravel auth configuration all of the core methods of this package will work out of the box, no extra configuration required.

However, when using multiple guards they will act like namespaces for your permissions and roles. Meaning every guard has its own set of permissions and roles that can be assigned to their user model.

The Downside To Multiple Guards
-----------------------------------------------------------------------------------------------------------------------------------------------------

Note that this package requires you to register a permission name for each guard you want to authenticate with. So, "edit-article" would have to be created multiple times for each guard your app uses. An exception will be thrown if you try to authenticate against a non-existing permission+guard combination. Same for roles.

> **Tip**: If your app uses only a single guard, but is not `web` (Laravel's default, which shows "first" in the auth config file) then change the order of your listed guards in your `config/auth.php` to list your primary guard as the default and as the first in the list of defined guards. While you're editing that file, best to remove any guards you don't use, too.
>
> OR you could use the suggestion below to force the use of a single guard:

Forcing Use Of A Single Guard
-----------------------------------------------------------------------------------------------------------------------------------------------

If your app structure does NOT differentiate between guards when it comes to roles/permissions, (ie: if ALL your roles/permissions are the SAME for ALL guards), you can override the `getDefaultGuardName` function by adding it to your User model, and specifying your desired guard\_name. Then you only need to create roles/permissions for that single guard\_name, not duplicating them. The example here sets it to `web`, but use whatever your application's default is:

```
    protected function getDefaultGuardName(): string { return 'web'; }
```

Using permissions and roles with multiple guards
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

When creating new permissions and roles, if no guard is specified, then the **first** defined guard in `auth.guards` config array will be used.

```
// Create a manager role for users authenticating with the admin guard:
$role = Role::create(['guard_name' => 'admin', 'name' => 'manager']);

// Define a `publish articles` permission for the admin users belonging to the admin guard
$permission = Permission::create(['guard_name' => 'admin', 'name' => 'publish articles']);

// Define a *different* `publish articles` permission for the regular users belonging to the web guard
$permission = Permission::create(['guard_name' => 'web', 'name' => 'publish articles']);
```

To check if a user has permission for a specific guard:

```
$user->hasPermissionTo('publish articles', 'admin');
```

> **Note**: When determining whether a role/permission is valid on a given model, it checks against the first matching guard in this order (it does NOT check role/permission for EACH possibility, just the first match):

- first the guardName() method if it exists on the model;
- then the `$guard_name` property if it exists on the model;
- then the first-defined guard/provider combination in the `auth.guards` config array that matches the loaded model's guard;
- then the `auth.defaults.guard` config (which is the user's guard if they are logged in, else the default in the file).

Assigning permissions and roles to guard users
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

You can use the same core methods to assign permissions and roles to users; just make sure the `guard_name` on the permission or role matches the guard of the user, otherwise a `GuardDoesNotMatch` or `Role/PermissionDoesNotExist` exception will be thrown.

Using blade directives with multiple guards
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

You can use all of the blade directives offered by this package by passing in the guard you wish to use as the second argument to the directive:

```
@role('super-admin', 'admin')
    I am a super-admin!
@else
    I am not a super-admin...
@endrole
```