{"id":115,"date":"2025-08-25T11:03:48","date_gmt":"2025-08-25T11:03:48","guid":{"rendered":"https:\/\/1v0.net\/blog\/?p=115"},"modified":"2025-08-26T08:50:48","modified_gmt":"2025-08-26T08:50:48","slug":"step-by-step-guide-creating-a-user-roles-and-permissions-app-with-laravel-12","status":"publish","type":"post","link":"https:\/\/1v0.net\/blog\/step-by-step-guide-creating-a-user-roles-and-permissions-app-with-laravel-12\/","title":{"rendered":"Step-by-Step Guide: Creating a User Roles and Permissions App with Laravel 12"},"content":{"rendered":"\n

When building modern applications, one of the most common requirements is managing user roles<\/strong> and permissions<\/strong>. In this post, we\u2019ll break down the concepts, then show you how to implement them in a Laravel 12 app step by step \u2014 including a simple admin UI to manage roles and permissions.<\/p>\n\n\n\n

<\/div>\n\n\n\n

Definitions<\/strong><\/h2>\n\n\n\n

Role<\/strong>: A role is a named bundle of permissions (e.g., Admin<\/em>, Editor<\/em>). Assigning a role grants all permissions that role contains.<\/p>\n\n\n\n

Permission<\/strong>: A permission represents a specific action (e.g., posts.create<\/em>, users.delete<\/em>). Permissions are the atomic units of access.<\/p>\n\n\n\n

RBAC (Role-Based Access Control)<\/strong>: A strategy where users get roles, and roles contain permissions. This avoids assigning dozens of permissions directly to each user.<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/div>\n\n\n\n

Step 1 – Install Laravel and Spatie Roles & Permissions<\/strong><\/h2>\n\n\n\n

<\/p>\n\n\n

composer create-project laravel\/laravel roles-permissions-app\ncd roles-permissions-app\n\ncomposer require<\/span> spatie\/laravel-permission<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
Publish config and migrations:<\/p>\n\n\n
php artisan vendor:publish --provider=\"Spatie\\Permission\\PermissionServiceProvider\"<\/span><\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Step 2 – Run Migrations<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n
php artisan migrate<\/code><\/span><\/pre>\n\n\n
This creates roles<\/code>, permissions<\/code>, and pivot tables to link them with users.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Step 3 – Add Trait to User Model<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n
\/\/ app\/Models\/User.php<\/span>\n<\/span><\/span>namespace<\/span> App<\/span>\\Models<\/span>;\n<\/span><\/span>\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Foundation<\/span>\\Auth<\/span>\\User<\/span> as<\/span> Authenticatable<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Traits<\/span>\\HasRoles<\/span>;\n<\/span><\/span>\n<\/span><\/span>class<\/span> User<\/span> extends<\/span> Authenticatable<\/span><\/span>\n<\/span><\/span><\/span>{\n<\/span><\/span>    use<\/span> HasRoles<\/span>;\n<\/span><\/span>\n<\/span><\/span>    \/\/ ...<\/span>\n<\/span><\/span>}\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Step 4 – Seed Roles & Permissions<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
Create a seeder to define a baseline policy:<\/p>\n\n\n
\/\/ database\/seeders\/RolesAndPermissionsSeeder.php<\/span>\n<\/span><\/span>namespace<\/span> Database<\/span>\\Seeders<\/span>;\n<\/span><\/span>\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Database<\/span>\\Seeder<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Models<\/span>\\Role<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Models<\/span>\\Permission<\/span>;\n<\/span><\/span>\n<\/span><\/span>class<\/span> RolesAndPermissionsSeeder<\/span> extends<\/span> Seeder<\/span><\/span>\n<\/span><\/span><\/span>{\n<\/span><\/span>    public<\/span> function<\/span> run<\/span>()<\/span>: void<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $permissions = [\n<\/span><\/span>            'posts.create'<\/span>,\n<\/span><\/span>            'posts.edit'<\/span>,\n<\/span><\/span>            'posts.delete'<\/span>,\n<\/span><\/span>            'users.view'<\/span>,\n<\/span><\/span>            'users.edit'<\/span>,\n<\/span><\/span>        ];\n<\/span><\/span>\n<\/span><\/span>        foreach<\/span> ($permissions as<\/span> $name) {\n<\/span><\/span>            Permission::firstOrCreate(['name'<\/span> => $name]);\n<\/span><\/span>        }\n<\/span><\/span>\n<\/span><\/span>        $admin = Role::firstOrCreate(['name'<\/span> => 'Admin'<\/span>]);\n<\/span><\/span>        $editor = Role::firstOrCreate(['name'<\/span> => 'Editor'<\/span>]);\n<\/span><\/span>\n<\/span><\/span>        $admin->givePermissionTo($permissions);\n<\/span><\/span>        $editor->givePermissionTo(['posts.create'<\/span>, 'posts.edit'<\/span>]);\n<\/span><\/span>    }\n<\/span><\/span>}\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n
php artisan db:seed --class<\/span><\/span>=RolesAndPermissionsSeeder<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Step 5 – Gate Your Routes<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n
\/\/ routes\/web.php<\/span>\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Support<\/span>\\Facades<\/span>\\Route<\/span>;\n<\/span><\/span>\n<\/span><\/span>Route::get('\/admin'<\/span>, fn() => 'Admin panel'<\/span>)\n<\/span><\/span>    ->middleware('role:Admin'<\/span>);\n<\/span><\/span>\n<\/span><\/span>Route::get('\/posts\/create'<\/span>, fn() => 'Create post form'<\/span>)\n<\/span><\/span>    ->middleware('permission:posts.create'<\/span>);\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Step 6 – Build a Simple Management UI (Blade)<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
\n
What you’ll build:<\/strong> Minimal CRUD screens to list, create, and edit Roles and Permissions, plus assign permissions to roles and roles to users.<\/p>\n<\/blockquote>\n\n\n\n
Generate controllers:<\/p>\n\n\n
php artisan make:controller Admin\/RoleController --resource\nphp artisan make:controller Admin\/PermissionController --resource\nphp artisan make:controller Admin\/UserRoleController<\/code><\/span><\/pre>\n\n\n
Routes for the admin UI (protect with role:Admin<\/code>):<\/p>\n\n\n
\/\/ routes\/web.php<\/span>\n<\/span><\/span>use<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Admin<\/span>\\RoleController<\/span>;\n<\/span><\/span>use<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Admin<\/span>\\PermissionController<\/span>;\n<\/span><\/span>use<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Admin<\/span>\\UserRoleController<\/span>;\n<\/span><\/span>\n<\/span><\/span>Route::middleware(['auth'<\/span>, 'role:Admin'<\/span>])->prefix('admin'<\/span>)->name('admin.'<\/span>)->group(function<\/span> ()<\/span> <\/span>{\n<\/span><\/span>    Route::resource('roles'<\/span>, RoleController::class);          \/\/ index, create, store, edit, update, destroy<\/span>\n<\/span><\/span>    Route::resource('permissions'<\/span>, PermissionController::class);\n<\/span><\/span>\n<\/span><\/span>    \/\/ Assign roles to users<\/span>\n<\/span><\/span>    Route::get('users\/{user}\/roles'<\/span>, [UserRoleController::class, 'edit'<\/span>])->name('users.roles.edit'<\/span>);\n<\/span><\/span>    Route::put('users\/{user}\/roles'<\/span>, [UserRoleController::class, 'update'<\/span>])->name('users.roles.update'<\/span>);\n<\/span><\/span>});\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
Controller examples:<\/p>\n\n\n
\/\/ app\/Http\/Controllers\/Admin\/RoleController.php<\/span>\n<\/span><\/span>namespace<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Admin<\/span>;\n<\/span><\/span>\n<\/span><\/span>use<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Controller<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Http<\/span>\\Request<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Models<\/span>\\Role<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Models<\/span>\\Permission<\/span>;\n<\/span><\/span>\n<\/span><\/span>class<\/span> RoleController<\/span> extends<\/span> Controller<\/span><\/span>\n<\/span><\/span><\/span>{\n<\/span><\/span>    public<\/span> function<\/span> index<\/span>()<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $roles = Role::with('permissions'<\/span>)->paginate(10<\/span>);\n<\/span><\/span>        return<\/span> view('admin.roles.index'<\/span>, compact('roles'<\/span>));\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> create<\/span>()<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $permissions = Permission::orderBy('name'<\/span>)->get();\n<\/span><\/span>        return<\/span> view('admin.roles.create'<\/span>, compact('permissions'<\/span>));\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> store<\/span>(Request $request)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $data = $request->validate([\n<\/span><\/span>            'name'<\/span> => 'required|string|max:255|unique:roles,name'<\/span>,\n<\/span><\/span>            'permissions'<\/span> => 'array'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        $role = Role::create(['name'<\/span> => $data['name'<\/span>]]);\n<\/span><\/span>        $role->syncPermissions($data['permissions'<\/span>] ?? []);\n<\/span><\/span>\n<\/span><\/span>        return<\/span> redirect()->route('admin.roles.index'<\/span>)->with('status'<\/span>, 'Role created.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> edit<\/span>(Role $role)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $permissions = Permission::orderBy('name'<\/span>)->get();\n<\/span><\/span>        $role->load('permissions'<\/span>);\n<\/span><\/span>        return<\/span> view('admin.roles.edit'<\/span>, compact('role'<\/span>, 'permissions'<\/span>));\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> update<\/span>(Request $request, Role $role)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $data = $request->validate([\n<\/span><\/span>            'name'<\/span> => 'required|string|max:255|unique:roles,name,'<\/span> . $role->id,\n<\/span><\/span>            'permissions'<\/span> => 'array'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        $role->update(['name'<\/span> => $data['name'<\/span>]]);\n<\/span><\/span>        $role->syncPermissions($data['permissions'<\/span>] ?? []);\n<\/span><\/span>\n<\/span><\/span>        return<\/span> redirect()->route('admin.roles.index'<\/span>)->with('status'<\/span>, 'Role updated.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> destroy<\/span>(Role $role)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $role->delete();\n<\/span><\/span>        return<\/span> back()->with('status'<\/span>, 'Role deleted.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>}\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n
\/\/ app\/Http\/Controllers\/Admin\/PermissionController.php<\/span>\n<\/span><\/span>namespace<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Admin<\/span>;\n<\/span><\/span>\n<\/span><\/span>use<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Controller<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Http<\/span>\\Request<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Models<\/span>\\Permission<\/span>;\n<\/span><\/span>\n<\/span><\/span>class<\/span> PermissionController<\/span> extends<\/span> Controller<\/span><\/span>\n<\/span><\/span><\/span>{\n<\/span><\/span>    public<\/span> function<\/span> index<\/span>()<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $permissions = Permission::orderBy('name'<\/span>)->paginate(15<\/span>);\n<\/span><\/span>        return<\/span> view('admin.permissions.index'<\/span>, compact('permissions'<\/span>));\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> create<\/span>()<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        return<\/span> view('admin.permissions.create'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> store<\/span>(Request $request)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $data = $request->validate([\n<\/span><\/span>            'name'<\/span> => 'required|string|max:255|unique:permissions,name'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        Permission::create(['name'<\/span> => $data['name'<\/span>]]);\n<\/span><\/span>        return<\/span> redirect()->route('admin.permissions.index'<\/span>)->with('status'<\/span>, 'Permission created.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> edit<\/span>(Permission $permission)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        return<\/span> view('admin.permissions.edit'<\/span>, compact('permission'<\/span>));\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> update<\/span>(Request $request, Permission $permission)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $data = $request->validate([\n<\/span><\/span>            'name'<\/span> => 'required|string|max:255|unique:permissions,name,'<\/span> . $permission->id,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        $permission->update(['name'<\/span> => $data['name'<\/span>]]);\n<\/span><\/span>        return<\/span> redirect()->route('admin.permissions.index'<\/span>)->with('status'<\/span>, 'Permission updated.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> destroy<\/span>(Permission $permission)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $permission->delete();\n<\/span><\/span>        return<\/span> back()->with('status'<\/span>, 'Permission deleted.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>}\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n
\/\/ app\/Http\/Controllers\/Admin\/UserRoleController.php<\/span>\n<\/span><\/span>namespace<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\Admin<\/span>;\n<\/span><\/span>\n<\/span><\/span>use<\/span> App<\/span>\\HttpControllers<\/span>\\Controller<\/span>;\n<\/span><\/span>use<\/span> App<\/span>\\Models<\/span>\\User<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Http<\/span>\\Request<\/span>;\n<\/span><\/span>use<\/span> Spatie<\/span>\\Permission<\/span>\\Models<\/span>\\Role<\/span>;\n<\/span><\/span>\n<\/span><\/span>class<\/span> UserRoleController<\/span> extends<\/span> Controller<\/span><\/span>\n<\/span><\/span><\/span>{\n<\/span><\/span>    public<\/span> function<\/span> edit<\/span>(User $user)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $roles = Role::orderBy('name'<\/span>)->get();\n<\/span><\/span>        $user->load('roles'<\/span>);\n<\/span><\/span>        return<\/span> view('admin.users.roles'<\/span>, compact('user'<\/span>, 'roles'<\/span>));\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> update<\/span>(Request $request, User $user)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $data = $request->validate([\n<\/span><\/span>            'roles'<\/span> => 'array'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        $user->syncRoles($data['roles'<\/span>] ?? []);\n<\/span><\/span>        return<\/span> redirect()->route('admin.users.roles.edit'<\/span>, $user)->with('status'<\/span>, 'User roles updated.'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>}\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
Example Blade views (Bootstrap 5 layout implied):<\/p>\n\n\n
<!-- resources\/views\/admin\/roles\/index.blade.php -->\n<\/span><\/span>@extends('layouts.app'<\/span>)\n<\/span><\/span>\n<\/span><\/span>@section('content'<\/span>)\n<\/span><\/span><div class<\/span>=\"container<\/span>\"><\/span>\n<\/span><\/span>  <div<\/span> class<\/span>=\"d<\/span>-flex<\/span> justify<\/span>-content<\/span>-between<\/span> align<\/span>-items<\/span>-center<\/span> mb<\/span>-3\"><\/span>\n<\/span><\/span>    <h1<\/span> class<\/span>=\"h3<\/span>\">Roles<\/span><\/h1<\/span>><\/span>\n<\/span><\/span>    <a<\/span> href<\/span>=\"<\/span>{{ route('admin.roles.create'<\/span>) }}\" class=\"<\/span>btn btn-primary\">New Role<\/a><\/span>\n<\/span><\/span>  <\/div><\/span><\/span>\n<\/span><\/span><\/span><\/span>\n<\/span><\/span>  <table class=\"<\/span>table table-striped\"><\/span><\/span>\n<\/span><\/span>    <thead><tr><th>Name<\/th><th>Permissions<\/th><th class=\"<\/span>text-end\">Actions<\/th><\/tr><\/thead><\/span><\/span>\n<\/span><\/span>    <tbody><\/span><\/span>\n<\/span><\/span>      @foreach($roles as $role)<\/span><\/span>\n<\/span><\/span>        <tr><\/span><\/span>\n<\/span><\/span>          <td>{{ $role->name }}<\/td><\/span><\/span>\n<\/span><\/span>          <td>{{ $role->permissions->pluck('name')->join(', ') ?: '\u2014' }}<\/td><\/span><\/span>\n<\/span><\/span>          <td class=\"<\/span>text-end\"><\/span><\/span>\n<\/span><\/span>            <a href=\"<\/span>{{ route('admin.roles.edit'<\/span>, $role) }}\" class=\"<\/span>btn btn-sm btn-outline-secondary\">Edit<\/a><\/span><\/span>\n<\/span><\/span>            <form action=\"<\/span>{{ route('admin.roles.destroy'<\/span>, $role) }}\" method=\"<\/span>POST\" class=\"<\/span>d-inline\"><\/span><\/span>\n<\/span><\/span>              @csrf @method('DELETE')<\/span><\/span>\n<\/span><\/span>              <button class=\"<\/span>btn btn-sm btn-outline-danger\" onclick=\"<\/span>return<\/span> confirm('Delete this role?'<\/span>)\">Delete<\/button><\/span><\/span>\n<\/span><\/span>            <\/form><\/span><\/span>\n<\/span><\/span>          <\/td><\/span><\/span>\n<\/span><\/span>        <\/tr><\/span><\/span>\n<\/span><\/span>      @endforeach<\/span><\/span>\n<\/span><\/span>    <\/tbody><\/span><\/span>\n<\/span><\/span>  <\/table><\/span><\/span>\n<\/span><\/span><\/span><\/span>\n<\/span><\/span>  {{ $roles->links() }}<\/span><\/span>\n<\/span><\/span><\/div><\/span><\/span>\n<\/span><\/span>@endsection<\/span><\/span>\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n
<!-- resources\/views\/admin\/users\/roles.blade.php -->\n<\/span><\/span>@extends('layouts.app'<\/span>)\n<\/span><\/span>\n<\/span><\/span>@section('content'<\/span>)\n<\/span><\/span><div class<\/span>=\"container<\/span>\"><\/span>\n<\/span><\/span>  <h1<\/span> class<\/span>=\"h3<\/span> mb<\/span>-3\">Manage<\/span> Roles<\/span> for<\/span>: <\/span>{{ $user->name }}<\/h1>\n<\/span><\/span>\n<\/span><\/span>  @if<\/span>(session('status'<\/span>))\n<\/span><\/span>    <div class<\/span>=\"alert<\/span> alert<\/span>-success<\/span>\"><\/span>{{ session('status'<\/span>) }}<\/div>\n<\/span><\/span>  @endif<\/span>\n<\/span><\/span>\n<\/span><\/span>  <form method=\"POST\"<\/span> action=\"{{ route('admin.users.roles.update', $user) }}\"<\/span> class<\/span>=\"card<\/span> card<\/span>-body<\/span>\"><\/span>\n<\/span><\/span>    @csrf<\/span> @method<\/span>('PUT<\/span>')<\/span>\n<\/span><\/span><\/span>\n<\/span><\/span>    <div<\/span> class<\/span>=\"row<\/span>\"><\/span>\n<\/span><\/span>      @foreach<\/span>($roles<\/span> as<\/span> $role<\/span>)<\/span>\n<\/span><\/span>        <div<\/span> class<\/span>=\"col<\/span>-md<\/span>-4 mb<\/span>-2\"><\/span>\n<\/span><\/span>          <div<\/span> class<\/span>=\"form<\/span>-check<\/span>\"><\/span>\n<\/span><\/span>            <input<\/span> class<\/span>=\"form<\/span>-check<\/span>-input<\/span>\" type<\/span>=\"checkbox<\/span>\" name<\/span>=\"roles<\/span>[]\" value<\/span>=\"<\/span>{{ $role->name }}\"<\/span>\n<\/span><\/span>              id=\"<\/span>role_{{ $role->id }}\" {{ $user->hasRole($role->name) ? 'checked' : '' }}><\/span><\/span>\n<\/span><\/span>            <label for=\"<\/span>role_{{ $role->id }}\" class=\"<\/span>form-check-label\">{{ $role->name }}<\/label><\/span><\/span>\n<\/span><\/span>          <\/div><\/span><\/span>\n<\/span><\/span>        <\/div><\/span><\/span>\n<\/span><\/span>      @endforeach<\/span><\/span>\n<\/span><\/span>    <\/div><\/span><\/span>\n<\/span><\/span><\/span><\/span>\n<\/span><\/span>    <div class=\"<\/span>mt-3<\/span>\"><\/span><\/span>\n<\/span><\/span>      <button class=\"<\/span>btn btn-primary\">Save<\/button><\/span><\/span>\n<\/span><\/span>    <\/div><\/span><\/span>\n<\/span><\/span>  <\/form><\/span><\/span>\n<\/span><\/span><\/div><\/span><\/span>\n<\/span><\/span>@endsection<\/span><\/span>\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
In Blade, you can also show\/hide controls using directives:<\/p>\n\n\n
@role('Admin'<\/span>)\n<\/span><\/span>  <a href=\"{{ route('admin.roles.index') }}\"<\/span> class<\/span>=\"btn<\/span> btn<\/span>-sm<\/span> btn<\/span>-outline<\/span>-primary<\/span>\">Manage<\/span> Roles<\/span><\/a<\/span>><\/span>\n<\/span><\/span>@endrole<\/span><\/span>\n<\/span><\/span><\/span>\n<\/span><\/span>@can<\/span>('posts<\/span>.create<\/span>')<\/span>\n<\/span><\/span>  <a<\/span> href<\/span>=\"<\/span>{{ url('\/posts\/create'<\/span>) }}\" class=\"<\/span>btn btn-primary\">New Post<\/a><\/span>\n<\/span><\/span>@endcan<\/span><\/span>\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/p>\n\n\n\n
\n
Security notes:<\/strong> Keep the admin routes behind auth<\/code> + role:Admin<\/code>. Validate inputs. Prefer syncRoles<\/code> \/ syncPermissions<\/code> to avoid stale assignments.<\/p>\n<\/blockquote>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Step 7 – Test Assignments Quickly<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n
php artisan tinker\n\n>>> $u = \\App\\Models\\User::first();\n>>> $u->assignRole('Admin'<\/span>);\n>>> $u->can('users.edit'<\/span>); \/\/ true if Admin has this permission<\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Conclusion<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
You now have a working RBAC foundation in Laravel 12: roles, permissions, protected routes, and a minimal UI to manage everything. From here, you can expand the interface (search, pagination, bulk assign), add activity logs, and expose APIs for admin operations.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/span>
\n
Grab a production-ready implementation<\/strong><\/h2>\n\n\n\n
If you don\u2019t want to wire up all the edge cases (UI, roles, permissions, settings toggles, demos), Grab a production-ready implementation<\/strong>:<\/p>\n\n\n\n
\"\"<\/figure>
\n
Laravel Roles & Permissions UI<\/strong><\/h2>\n\n\n\n
This lightweight Laravel starter kit helps you quickly integrate user roles and permissions using the popular spatie\/laravel-permission package.<\/p>\n\n\n\n
\n
Learn more<\/a><\/div>\n<\/div>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
When building modern applications, one of the most common requirements is managing user roles and permissions. In this post, we\u2019ll break down the concepts, then show you how to implement them in a Laravel 12 app step by step \u2014 including a simple admin UI to manage roles and permissions. Definitions Role: A role is […]<\/p>\n","protected":false},"author":1,"featured_media":117,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[16,15,17],"class_list":["post-115","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-laravel","tag-permissions","tag-roles","tag-roles-and-permissions"],"_links":{"self":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts\/115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/comments?post=115"}],"version-history":[{"count":3,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts\/115\/revisions"}],"predecessor-version":[{"id":120,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts\/115\/revisions\/120"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/media\/117"}],"wp:attachment":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/media?parent=115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/categories?post=115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/tags?post=115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}