Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I’m building a Laravel application using Laravel Auth for authentication. In my app, a user can be either the owner of a project or a collaborator. Each project has multiple resources, and access to those resources depends on the user’s role within that specific project (not global roles).
Is there an existing Laravel package that supports project-scoped roles and permissions, or is the recommended approach to implement this using pivot tables and Laravel policies?
What is the best practice for this scenario?
@abdunnasir I just use policies, and check the “owner” in any child policy methods.
For example, if a “project“ had a “board” sub-resource, then I’d have a BoardPolicy with checks like this:
class BoardPolicy
{
public function update(User $user, Board $board): bool
{
return $user->projects->contains($board->project_id);
}
}
That would allow a user to only update boards in projects they belong to.
Please or to participate in this conversation.