// the find
santigarcor/laratrust
Handle roles and permissions in your Laravel application
Laratrust is a Laravel package for role-based access control with team scoping — assign roles and permissions to users, optionally constrained to a 'team' (a project, organization, or any grouping your app needs). It's aimed at multi-tenant or multi-context Laravel apps where a user might be an admin in one team and a viewer in another.
The teams feature is the main reason to pick this over Spatie's Permission package — it handles the case where a user's role differs per organizational context without you bolting on a pivot table hack. Two checker strategies (default model-based and query-based) let you trade N+1 safety for eager-loading flexibility. Built-in caching on role/permission checks means you're not hammering the DB on every `hasRole()` call. Laravel Gates integration means you can keep using standard `@can` Blade directives and policy checks without rewriting authorization logic.
The admin panel is barebones Blade with no real access control on the panel itself — you have to wire up protection manually, which is easy to forget and ship insecure. No support for wildcard permissions (e.g. `posts.*`) out of the box, which becomes painful in complex permission hierarchies. The teams concept adds a third dimension to every permission check, and the docs gloss over how to handle the 'no team' case — apps that start without teams and add them later will hit migration headaches. With ~2.3k stars it's maintained but not dominant; Spatie's laravel-permission has 5x the adoption, which means more community answers when things break.