A comprehensive Laravel application implementing Role-Based Access Control (RBAC) using the Spatie Laravel Permission package. This system features secure authentication, granular permission management, and a modern UI with server-side DataTables, Select2 dropdowns, and SweetAlert2 notifications.

• Prerequisites
• Installation
• Database Setup
• Running the Application
• Default Credentials
• Architecture Overview
• Features
• Testing
• Project Structure

Before you begin, ensure your development environment meets the following requirements:

• PHP: >= 8.2
• Composer: Latest version
• Laravel Framework: ^12.0
• Database: MySQL >= 8.0 or PostgreSQL >= 13.0 or SQLite >= 3.35
• Node.js: >= 18.x
• NPM: >= 9.x (or Yarn >= 1.22)
• Web Server: Apache or Nginx (or use php artisan serve for local development)

Follow these steps to set up the project on your local machine:

git clone <repository-url>
cd rbac

composer install

npm install

Copy the example environment file and configure it:

cp .env.example .env

Edit the .env file and configure your database connection:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=rbac
DB_USERNAME=root
DB_PASSWORD=

php artisan key:generate

Execute the migrations to create all necessary database tables:

php artisan migrate

This will create the following tables:

• users - User accounts
• roles - System roles (Admin, Manager, User)
• permissions - Granular permissions
• model_has_roles - User-role assignments
• model_has_permissions - User-permission assignments
• role_has_permissions - Role-permission assignments
• sections - Section entities
• classes - Class entities (with section relationships)

Populate the database with default roles, permissions, and test users:

php artisan db:seed

What gets seeded:

• Roles: Admin, Manager, User
• Permissions: Complete set of permissions for users, profiles, sections, and classes
• Users:
  • Admin user: admin@example.com / password
  • Manager user: manager@example.com / password
  • Standard user: user@example.com / password
  • 10 additional random users with randomly assigned roles

To reset the database and seed it in one command:

php artisan migrate:fresh --seed

php artisan serve

The application will be available at: http://127.0.0.1:8000

In a separate terminal, run the Vite development server for hot module replacement:

npm run dev

Then access the application at: http://127.0.0.1:8000

To compile and minify assets for production:

npm run build

For production environments:

1. Set APP_ENV=production and APP_DEBUG=false in .env
2. Run composer install --optimize-autoloader --no-dev
3. Run npm run build
4. Run php artisan config:cache
5. Run php artisan route:cache
6. Run php artisan view:cache
7. Configure your web server (Apache/Nginx) to point to the public directory

Use these credentials to log in and test different role permissions:

This application uses the Spatie Laravel Permission package to implement a robust, scalable RBAC system.

1. Roles: Collections of permissions (e.g., Admin, Manager, User)
2. Permissions: Granular actions (e.g., users.view, sections.create)
3. Policies: Laravel authorization gates for model-level checks
4. Middleware: Route-level protection (RoleMiddleware)

Permissions follow a resource.action naming convention:

users.view
users.create
users.update
users.delete
users.assignRoles

sections.view
sections.create
sections.update
sections.delete

classes.view
classes.create
classes.update
classes.delete

• Admin: All permissions (full system access)
• Manager: User, section, and class CRUD; cannot assign roles or manage permissions
• User: Profile view/update only

The RoleMiddleware enforces role-based route restrictions:

• Admin: Full access to all routes
• Manager: Access to user, section, and class management; blocked from role/permission routes
• User: Profile routes only

Authorization policies provide fine-grained control:

• UserPolicy: Controls user management actions
• ProfilePolicy: Controls profile access (users can only edit their own)
• SectionPolicy: Controls section management
• ClassPolicy: Controls class management

• Admin: Full CRUD operations, role assignment
• Manager: View, create, update, delete users (no role assignment)
• Server-side DataTables with search, sort, pagination
• Role-based action button visibility
• SweetAlert2 delete confirmations

• Admin/Manager: Full CRUD operations
• Server-side DataTables integration
• Unique section names with validation
• Linked to Classes module

• Admin/Manager: Full CRUD operations
• Select2 AJAX dropdown for section selection
  • Server-side search and pagination
  • Dynamic section loading
• Server-side DataTables with section filtering
• Foreign key relationship to sections

• All authenticated users can view/edit their own profile
• Password update functionality
• Account deletion with confirmation

• DataTables: Server-side processing via Yajra package
• Select2: AJAX-powered dropdowns with search
• SweetAlert2: Beautiful confirmation dialogs and notifications
• Responsive Design: Tailwind CSS with mobile-first approach
• RBAC Blade Directives: @can, @role, @cannot for conditional rendering

Execute the test suite:

php artisan test

Or with detailed output:

php artisan test --parallel

The application includes:

• Unit Tests: Role assignment, permission checks, service logic
• Feature Tests:
  • RBAC middleware restrictions
  • Policy authorization (e.g., Manager cannot assign roles)
  • CRUD workflows (create/update/delete success and validation failures)
  • Profile self-edit enforcement

Tests use an in-memory SQLite database by default. Configure phpunit.xml if you need a different setup.

rbac/
├── app/
│   ├── Http/
│   │   ├── Controllers/        # Resource controllers (User, Section, Class)
│   │   ├── Middleware/         # RoleMiddleware for route protection
│   │   └── Requests/           # Form request validation
│   ├── Models/                 # Eloquent models (User, Section, ClassModel)
│   ├── Policies/               # Authorization policies
│   └── Services/               # Business logic layer
├── database/
│   ├── migrations/             # Database schema migrations
│   ├── seeders/                # Database seeders (roles, permissions, users)
│   └── factories/              # Model factories for testing
├── resources/
│   ├── js/
│   │   ├── users/              # User module JS (DataTable, Select2, alerts)
│   │   ├── sections/           # Section module JS
│   │   └── classes/            # Class module JS (with Select2 AJAX)
│   ├── views/
│   │   ├── users/              # User CRUD views + partials
│   │   ├── sections/           # Section CRUD views + partials
│   │   └── classes/            # Class CRUD views + partials
│   └── css/
│       └── app.css             # Custom styles + DataTables CSS
├── routes/
│   └── web.php                 # Application routes
└── tests/
    ├── Feature/                # Feature tests (RBAC, CRUD)
    └── Unit/                   # Unit tests (services, policies)

• Backend: Laravel 12, PHP 8.2+
• RBAC: Spatie Laravel Permission
• Frontend: Tailwind CSS, Alpine.js
• DataTables: Yajra Laravel DataTables (server-side)
• Select2: AJAX-powered dropdowns
• Alerts: SweetAlert2
• Build Tool: Vite
• Testing: PHPUnit, Pest (optional)

php artisan optimize:clear

composer require --dev barryvdh/laravel-ide-helper
php artisan ide-helper:generate
php artisan ide-helper:models --nowrite

./vendor/bin/pint

This project is open-sourced software licensed under the MIT license.

For issues, questions, or contributions, please contact the development team or open an issue in the project repository.

Note: This is a technical assignment project demonstrating RBAC implementation best practices in Laravel. All passwords are set to password for demonstration purposes only.