Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

bearbytestudio's avatar

Help with Spatie permissions package

In my laravel app i am using spatie permissions (https://spatie.be/docs/laravel-permission).

I have an admin role, and that role has 10 or so permissions attached to it. It's an incredible package by Spatie (as always), but I find it a bit frustrating that if I assign a role to a user, and then check $user->permissions, the roles permissions aren't filtered down.

Ideally, I want to be able to attach a role to a user, but then be able to deselect a couple of the roles permissions on a user by user basis. How can I do this or is there a better way to achieve this? Many thanks!

0 likes
3 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

To achieve the desired functionality of being able to deselect specific permissions for a user on a user-by-user basis, you can make use of the Spatie permissions package's ability to assign permissions directly to users.

Here's a step-by-step solution:

  1. Install the Spatie permissions package if you haven't already done so. You can follow the installation instructions provided in the documentation: https://spatie.be/docs/laravel-permission

  2. Create a new migration to add a permissions column to the users table. This column will store the individual permissions assigned to each user. Run the following command to generate the migration:

php artisan make:migration add_permissions_to_users --table=users
  1. Open the generated migration file and add the following code to the up method:
public function up()
{
    Schema::table('users', function (Blueprint $table) {
        $table->json('permissions')->nullable();
    });
}
  1. Run the migration to add the permissions column to the users table:
php artisan migrate
  1. In your application, when assigning a role to a user, you can now also assign specific permissions directly to the user. For example:
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

$role = Role::findByName('admin');
$user = User::find(1);

$permissionsToAssign = [
    'edit articles',
    'delete articles',
];

$permissions = Permission::whereIn('name', $permissionsToAssign)->get();

$user->syncPermissions($permissions);
$user->assignRole($role);

In the above example, we first retrieve the admin role and the user we want to assign the role to. Then, we define an array of permissions we want to assign to the user. We retrieve the corresponding permission models using whereIn and pass them to the syncPermissions method of the user. Finally, we assign the role to the user using the assignRole method.

  1. To retrieve the filtered permissions for a user, you can use the permissions relationship on the user model. For example:
$user = User::find(1);
$filteredPermissions = $user->permissions;

The $filteredPermissions variable will contain only the permissions that have been assigned directly to the user, excluding the permissions inherited from the assigned role.

By following these steps, you should be able to achieve the desired functionality of being able to deselect specific permissions for a user on a user-by-user basis using the Spatie permissions package.

JabatoForever's avatar
JabatoForever
2 years ago
Best Answer
Level 2

hi @bearbytestudio, Why would u want to give the user a role with some permissions via this role, but then u want to remove them on a specific user? You can't since u assigned a role to the user that has all those permissions, but you can assign permissions directly on a user model, maybe just make a basic role with the basic permissions you need for each user and then add permissions user based.

$user->givePermissionTo('edit articles');

and those would be user based, but the one you assign to the user don't exclude the one assigned via the role, all users with that role will have those permissions

bearbytestudio's avatar

@JabatoForever many thanks! I guess my hope was that a Role was seen as more of a "group" of permissions that you could quickly attach to a user, but then tweak by adding or removing on a user basis. As you say, I should trim down the permissions for the role, and then add extra permissions to that user when needed. Thanks for your help!

1 like

Please or to participate in this conversation.