Roles & Permission [ACL] in Laravel using Zizaco Entrust

Roles & Permission [ACL] in Laravel using Zizaco Entrust

Zizaco Entrust is a powerful package for Laravel that simplifies permission and role management, enabling fine-grained access control in your web applications. In this article, we will explore the requisites for using Zizaco Entrust, provide step-by-step installation instructions, and present a practical example to showcase its usage.


Before installing Zizaco Entrust, ensure that your environment meets the following requirements:

  • PHP version 7.2 or above.

  • PHP extensions

    • PDO

    • OpenSSL


Follow these steps to install Zizaco Entrust in your Laravel project:

Step 1: Navigate to your Laravel project directory in the terminal or command prompt.

Step 2: Run the Composer command below to install the package:

composer require zizaco/entrust

Step 3: After the installation is complete, open your config/app.php file and add the following service provider and facade:

'providers' => [
    // Other providers...

'aliases' => [
    // Other aliases...
    'Entrust' => Zizaco\Entrust\EntrustFacade::class,

Step 4: Publish the configuration file using the following Artisan command: .

php artisan vendor:publish --provider="Zizaco\Entrust\EntrustServiceProvider"

Step 5: Run the database migrations to create the required tables: .

php artisan migrate

Once Zizaco Entrust is installed and configured, you can begin managing permissions and roles. Let's walk through a practical example:

Let's walk through a practical example:

use App\Models\User;
use App\Models\Role;
use App\Models\Permission;

// Creating roles
$adminRole = Role::create(['name' => 'admin']);
$editorRole = Role::create(['name' => 'editor']);

// Creating permissions
$createPostPermission = Permission::create(['name' => 'create-post']);
$editPostPermission = Permission::create(['name' => 'edit-post']);

// Associating permissions with roles
$adminRole->attachPermissions([$createPostPermission, $editPostPermission]);

// Assigning roles to users
$user = User::find(1); // Retrieve the user to whom you want to assign a role

// Checking permissions for a user
if ($user->can('create-post')) {
    // User can create a post
} else {
    // User cannot create a post

Entrust Usage

Zizaco Entrust provides several powerful features for permission and role management. Let's explore some key concepts and their usage scenarios with explanations and examples:

  1. Checking for Roles & Permissions: You can check if a user has a specific role or permission using the following methods:
  •     $user->hasRole('role-name'): //Check if a user has a particular role.
        $user->can('permission-name'): // Check if a user has a specific permission.
  1. User Ability: You can also use the can method on the user model to check for a permission. For example:
if ($user->can('edit-post')) {
    // User has the "edit-post" permission
} else {
    // User does not have the "edit-post" permission
  1. Blade Templates: Zizaco Entrust provides Blade directives to conditionally show content based on roles or permissions. For example:
    // Content visible to users with the "admin" role

    // Content visible to users with the "edit-post" permission
  1. Middleware: You can use Entrust middleware to protect routes based on roles or permissions. For example:
Route::group(['middleware' => ['role:admin']], function () {
    // Routes accessible to users with the "admin" role
  1. Short Syntax Route Filter: You can use route filters to protect routes based on roles or permissions. For example:
Route::get('admin/dashboard', ['before' => 'role:admin', function () {
    // Route accessible to users with the "admin" role


Zizaco Entrust provides powerful tools for managing roles and permissions in your Laravel application. By following the installation, configuration, and usage examples presented in this article, you can leverage Zizaco Entrust's features to implement fine-grained access control and enhance the security and integrity of your application.

For more detailed instructions, advanced features, and customization options, refer to the official documentation of Zizaco Entrust available on its Zizaco GitHub Repository.

Happy Coding !!!

Did you find this article valuable?

Support Laravel Tips & Tutorials - KeyTech Blog by becoming a sponsor. Any amount is appreciated!