Prerequisites | laravel-permission | Spatie

 SPATIE

  Laravel Permission
=====================

spatie.be/open-source

  [Docs](https://spatie.be/docs)  [Laravel-permission](https://spatie.be/docs/laravel-permission/v7)  Prerequisites

 Version   v7   v6   v5   v4   v3

 Other versions for crawler [v7](https://spatie.be/docs/laravel-permission/v7) [v6](https://spatie.be/docs/laravel-permission/v6) [v5](https://spatie.be/docs/laravel-permission/v5) [v4](https://spatie.be/docs/laravel-permission/v4) [v3](https://spatie.be/docs/laravel-permission/v3)

- [ Introduction ](https://spatie.be/docs/laravel-permission/v7/introduction)
- [ Support us ](https://spatie.be/docs/laravel-permission/v7/support-us)
- [ Prerequisites ](https://spatie.be/docs/laravel-permission/v7/prerequisites)
- [ Installation in Laravel ](https://spatie.be/docs/laravel-permission/v7/installation-laravel)
- [ Upgrading ](https://spatie.be/docs/laravel-permission/v7/upgrading)
- [ Questions and issues ](https://spatie.be/docs/laravel-permission/v7/questions-issues)
- [ Changelog ](https://spatie.be/docs/laravel-permission/v7/changelog)
- [ About us ](https://spatie.be/docs/laravel-permission/v7/about-us)

Basic Usage
-----------

- [ Basic Usage ](https://spatie.be/docs/laravel-permission/v7/basic-usage/basic-usage)
- [ Direct Permissions ](https://spatie.be/docs/laravel-permission/v7/basic-usage/direct-permissions)
- [ Using Permissions via Roles ](https://spatie.be/docs/laravel-permission/v7/basic-usage/role-permissions)
- [ Enums ](https://spatie.be/docs/laravel-permission/v7/basic-usage/enums)
- [ Teams permissions ](https://spatie.be/docs/laravel-permission/v7/basic-usage/teams-permissions)
- [ Wildcard permissions ](https://spatie.be/docs/laravel-permission/v7/basic-usage/wildcard-permissions)
- [ Blade directives ](https://spatie.be/docs/laravel-permission/v7/basic-usage/blade-directives)
- [ Defining a Super-Admin ](https://spatie.be/docs/laravel-permission/v7/basic-usage/super-admin)
- [ Using multiple guards ](https://spatie.be/docs/laravel-permission/v7/basic-usage/multiple-guards)
- [ Artisan Commands ](https://spatie.be/docs/laravel-permission/v7/basic-usage/artisan)
- [ Middleware ](https://spatie.be/docs/laravel-permission/v7/basic-usage/middleware)
- [ Passport Client Credentials Grant usage ](https://spatie.be/docs/laravel-permission/v7/basic-usage/passport)
- [ Example App ](https://spatie.be/docs/laravel-permission/v7/basic-usage/new-app)

Best Practices
--------------

- [ Roles vs Permissions ](https://spatie.be/docs/laravel-permission/v7/best-practices/roles-vs-permissions)
- [ Model Policies ](https://spatie.be/docs/laravel-permission/v7/best-practices/using-policies)
- [ Performance Tips ](https://spatie.be/docs/laravel-permission/v7/best-practices/performance)

Advanced usage
--------------

- [ Testing ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/testing)
- [ Database Seeding ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/seeding)
- [ Exceptions ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/exceptions)
- [ Extending ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/extending)
- [ Cache ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/cache)
- [ Events ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/events)
- [ Custom Permission Check ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/custom-permission-check)
- [ UUID/ULID ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/uuid)
- [ PhpStorm Interaction ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/phpstorm)
- [ Other ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/other)
- [ Timestamps ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/timestamps)
- [ UI Options ](https://spatie.be/docs/laravel-permission/v7/advanced-usage/ui-options)

 Prerequisites
=============

###  On this page

1. [ Laravel Version Compatibility ](#content-laravel-version-compatibility)
2. [ User Model / Contract/Interface ](#content-user-model--contractinterface)
3. [ Must not have a \[role\] or \[roles\] property/relation, nor a \[roles()\] method ](#content-must-not-have-a-role-or-roles-propertyrelation-nor-a-roles-method)
4. [ Must not have a \[permission\] or \[permissions\] property/relation, nor a \[permissions()\] method ](#content-must-not-have-a-permission-or-permissions-propertyrelation-nor-a-permissions-method)
5. [ Config file ](#content-config-file)
6. [ Database Schema Limitations ](#content-database-schema-limitations)
7. [ Note for apps using UUIDs/ULIDs/GUIDs ](#content-note-for-apps-using-uuidsulidsguids)
8. [ Database foreign-key relationship support ](#content-database-foreign-key-relationship-support)

Laravel Version Compatibility
-----------------------------------------------------------------------------------------------------------------------------------------------

Laravel VersionPackage Version12, 13`^7.0` (PHP 8.3+)8,9,10,11,12`^6.0` (PHP 8.0+)7,8,9,10`^5.8`7,8,9`^5.7`7,8`^5.4`-`^5.6`6,7,8`^5.0`-`^5.3`6,7,8`^4`5.8`^3`User Model / Contract/Interface
-------------------------------------------------------------------------------------------------------------------------------------------------

This package uses Laravel's Gate layer to provide Authorization capabilities. The Gate/authorization layer requires that your `User` model implement the `Illuminate\Contracts\Auth\Access\Authorizable` contract. Otherwise the `can()` and `authorize()` methods will not work in your controllers, policies, templates, etc.

In the `Installation` instructions you'll see that the `HasRoles` trait must be added to the User model to enable this package's features.

Thus, a typical basic User model would have these basic minimum requirements:

```
use Illuminate\Foundation\Auth\User as Authenticatable;
use Spatie\Permission\Traits\HasRoles;

class User extends Authenticatable
{
    use HasRoles;

    // ...
}
```

Must not have a \[role\] or \[roles\] property/relation, nor a \[roles()\] method
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Your `User` model/object MUST NOT have a `role` or `roles` property (or field in the database by that name), nor a `roles()` method on it (nor a `roles` relation). Those will interfere with the properties and methods and relations added by the `HasRoles` trait provided by this package, thus causing unexpected outcomes when this package's methods are used to inspect roles and permissions.

Must not have a \[permission\] or \[permissions\] property/relation, nor a \[permissions()\] method
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Your `User` model/object MUST NOT have a `permission` or `permissions` property (or field in the database by that name), nor a `permissions()` method on it (nor a `permissions` relation). Those will interfere with the properties and methods and relations added by the `HasPermissions` trait provided by this package (which is invoked via the `HasRoles` trait).

Config file
-----------------------------------------------------------------------------------------

This package publishes a `config/permission.php` file. If you already have a file by that name, you must rename or remove it, as it will conflict with this package. You could optionally merge your own values with those required by this package, as long as the keys that this package expects are present. See the source file for more details.

Database Schema Limitations
-----------------------------------------------------------------------------------------------------------------------------------------

Potential error message: "1071 Specified key was too long; max key length is 1000 bytes"

MySQL 8.0+ limits index key lengths, which might be too short for some compound indexes used by this package. This package publishes a migration which combines multiple columns in a single index. With `utf8mb4` the 4-bytes-per-character requirement of `mb4` means the total length of the columns in the hybrid index can only be `25%` of that maximum index length.

- MyISAM tables limit the index to 1000 characters (which is only 250 total chars in `utf8mb4`)
- InnoDB tables using ROW\_FORMAT of 'Redundant' or 'Compact' limit the index to 767 characters (which is only 191 total chars in `utf8mb4`)
- InnoDB tables using ROW\_FORMAT of 'Dynamic' or 'Compressed' have a 3072 character limit (which is 768 total chars in `utf8mb4`).

Depending on your MySQL or MariaDB configuration, you may implement one of the following approaches:

1. Ideally, configure the database to use InnoDB by default, and use ROW FORMAT of 'Dynamic' by default for all new tables. (See [MySQL](https://dev.mysql.com/doc/refman/8.0/en/innodb-limits.html) and [MariaDB](https://mariadb.com/kb/en/innodb-dynamic-row-format/) docs.)
2. OR if your app doesn't require a longer default, in your AppServiceProvider you can set `Schema::defaultStringLength(125)`. [See the Laravel Docs for instructions](https://laravel.com/docs/10.x/migrations#index-lengths-mysql-mariadb). This will have Laravel set all strings to 125 characters by default.
3. OR you could edit the migration and specify a shorter length for 4 fields. Then in your app be sure to manually impose validation limits on any form fields related to these fields. In the migration file, there are 2 places where you can explicitly set the length for both the 'name' and 'guard\_name' fields, on 2 tables. Suggested specific lengths are shown below:

```
    $table->string('name');       // For MyISAM use string('name', 225); // (or 166 for InnoDB with Redundant/Compact row format)
    $table->string('guard_name'); // For MyISAM use string('guard_name', 25);
```

Note for apps using UUIDs/ULIDs/GUIDs
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

This package expects the primary key of your `User` model to be an auto-incrementing `int`. If it is not, you may need to modify the `create_permission_tables` migration and/or modify the default configuration. See  for more information.

Database foreign-key relationship support
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

To enforce database integrity, this package uses foreign-key relationships with cascading deletes. This prevents data mismatch situations if database records are manipulated outside of this package. If your database engine does not support foreign-key relationships, then you will have to alter the migration files accordingly.

This package does its own detaching of pivot records when deletes are called using provided package methods, so if your database does not support foreign keys then as long as you only use method calls provided by this package for managing related records, there should not be data integrity issues.