Laravel 12 with Filament: Adding Roles and Permissions Made Easy

Imagine you're building a blogging platform where:

• Admins can manage everything.
• Editors can publish posts but can't delete users.
• Readers can only view content.

Without roles and permissions, chaos ensues! Thankfully, Laravel makes this easy—especially when combined with Filament, a powerful admin panel builder.

In this guide, you'll learn how to:
✅ Set up Laravel 12 with Filament.
✅ Create roles and permissions using Spatie Laravel-Permission.
✅ Restrict access in Filament panels.

Let’s dive in!

1. Setting Up Laravel 12 with Filament

Prerequisites

• PHP 8.2+
• Composer
• Laravel 12 installed

Step 1: Install Laravel

Run:

composer create-project laravel/laravel filament-roles-demo
cd filament-roles-demo

Step 2: Install Filament

Filament provides a sleek admin panel. Install it via:

composer require filament/filament:"^3.2"

Step 3: Set Up Filament

Publish assets and create an admin user:

php artisan filament:install --panels
php artisan make:filament-user

Follow the prompts to create your first admin.

Now, visit /admin and log in—you’ll see the Filament dashboard!

2. Adding Roles & Permissions with Spatie

Why Spatie?

Spatie’s laravel-permission package is the gold standard for role management in Laravel.

Step 1: Install the Package

composer require spatie/laravel-permission

Step 2: Publish Migrations

php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
php artisan migrate

This creates roles and permissions tables.

Step 3: Update the User Model

Add the HasRoles trait to app/Models/User.php:

use Spatie\Permission\Traits\HasRoles;

class User extends Authenticatable
{
    use HasRoles;
    // ...
}

3. Creating Roles & Permissions

Step 1: Seed Default Roles & Permissions

Create a seeder:

php artisan make:seeder RolePermissionSeeder

Edit database/seeders/RolePermissionSeeder.php:

use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;

public function run()
{
    // Create roles
    $admin = Role::create(['name' => 'admin']);
    $editor = Role::create(['name' => 'editor']);
    $user = Role::create(['name' => 'user']);

    // Create permissions
    Permission::create(['name' => 'create posts']);
    Permission::create(['name' => 'edit posts']);
    Permission::create(['name' => 'delete posts']);

    // Assign permissions to roles
    $admin->givePermissionTo(['create posts', 'edit posts', 'delete posts']);
    $editor->givePermissionTo(['create posts', 'edit posts']);
}

Run the seeder:

php artisan db:seed --class=RolePermissionSeeder

Step 2: Assign Roles to Users

In tinker or a controller:

$user = User::find(1);
$user->assignRole('admin');

4. Restricting Access in Filament

Now, let’s protect Filament resources based on roles.

Example: Protecting a Post Resource

Edit app/Filament/Resources/PostResource.php:

use Illuminate\Support\Facades\Auth;

public static function canViewAny(): bool
{
    return Auth::user()->hasRole('admin') || Auth::user()->hasRole('editor');
}

Hiding Navigation Items

In app/Providers/Filament/AdminPanelProvider.php:

use App\Models\User;

$navigationItems = [
    // ...
];

if (auth()->user()->hasRole('admin')) {
    $navigationItems[] = NavigationItem::make('Admin Tools')->url('/admin/tools');
}

Key Takeaways

🎯 Filament makes building admin panels fast and easy.
🎯 Spatie’s Laravel-Permission handles roles seamlessly.
🎯 Always restrict access in Filament using canViewAny().
🎯 Use middleware or conditional UI rendering for finer control.

Final Thoughts

Now you can secure your Laravel 12 app with Filament and Spatie permissions! 🚀

Got questions? Drop them in the comments! Happy coding! 💻