Simplifying Vue Authorization with Laratrust

Mirza Waleed

Mirza Waleed


As applications grow more complex, scattered authorization logic drains development resources. This article demonstrates centralized permission handling with Laratrust to simplify maintenance.

Integrating the package’s role-based system into a Vuex store abstracts policy checks. Updates affect single files rather than many. Engineers focus on building features, not duplicating permission workflows.

Following best practices, teams of any size can confidently scale sophisticated application domains while reducing a perennial source of debt. Read on to transform permission handling within progressive applications.

Laratrust Overview

Laratrust is an authorization package for Laravel that simplifies permission management using role-based access controls (RBAC).

What it Does

Laratrust provides an easy way to check if a user is allowed to perform an “ability” based on their assigned roles within a Laravel application. This removes the need to write duplicate authorization logic throughout the code.

Key Concepts

  • Roles – Logical groupings that users can be assigned like “Admin” or “Client”.
  • Abilities – Discrete permissions like “create posts” or “view invoices”.
  • Role-Ability Relationships – Roles can have many abilities assigned through a pivot table.
  • Check Policies – Methods to check if a user role has access to perform an ability.
  • User Model – Users can be assigned multiple roles for complex permission scenarios.

Architecture Overview

  • Role & Ability Models – Data layer to define and link roles to abilities.
  • User Model – A user can be assigned one or more roles.
  • Policy Class – Checks user roles against required abilities via Role-Ability relationships.
  • Laratrust Facades – Static methods to retrieve roles, check abilities and define policies across apps.
  • Middleware – Handles policy checks on routes and controllers via Facades.

This stratified approach keeps permissions well-defined in a centralized package rather than scattered in code.


  • Simple and flexible – Roles, abilities and policies are straightforward to define and manage.
  • Role inheritance – Child roles can inherit a parent’s abilities for more nuanced permissions.
  • Middleware – Global middleware handles checks on all routes/controllers automatically.
  • Large codebase friendly – Scalable RBAC approach as apps grow more complex over time.

This rich overview illustrates how Laratrust provides a robust yet simple foundation for granular authorization in Laravel applications.

Installing and Configuring Laratrust

Require the package in your composer.json file:

composer require laratrust/laratrust

Composer will install the package and its service provider.

Publishing Migrations

Publish Laratrust’s migrations to generate necessary tables:

php artisan vendor:publish –tag=”laratrust-migrations”

Run the migrations:

php artisan migrate

Seeding Roles and Abilities

Seed initial data to define sample roles and abilities:

php artisan db:seed –class=LaratrustSeeder

Configuring Ability Model

In config/ability.php, set the model class to implement abilities:

‘ability_model’ => App\Models\Ability::class

Configuring Policy Classes

Generate policy classes with predefined methods:

php artisan make:policy RolePolicy -m Role

These will check abilities using the Laratrust facade.


Add Laratrust service provider to config/app.php under ‘providers’ array.

Now Laratrust is installed and its core components like roles, abilities and policies are configured to integrate authorization throughout the app.


Integrating with Vuex

Laratrust’s authorization policies need to be accessible in Vue. Leveraging Vuex allows centralizing this logic and sharing user/role data across components in a reactive way.

Installing Vuex

You can easily install it using npm package manager

npm install Vuex

Creating Auth Module

Generate a store/modules/auth.js module:

import { laratrust } from '@/mixins/laratrust' 

export default {

namespaced: true,

state: {

user: null,

roles: []


getters: {

// Check ability from state

can(state) { 

return ability => laratrust.can(ability)



actions: {

async login({commit}, user) {

// Call Laravel login

commit('setUser', response.user)


async registerRole({commit}, role) {

// Call Laravel register role

commit('addRole', role)



mutations: {

setUser(state, user) {

state.user = user


addRole(state, role) {






Registering Module

In main.js:

import Vue from 'vue'

import Vuex from 'vuex'

import auth from './store/modules/auth'


export default new Vuex.Store({

modules: {





Now any component can import the can getter to check abilities based on the user’s state managed centrally in Vuex.

Protecting Routes and Components

Laratrust provides tools to enforce authorization at the route and component levels.

Route Guards

The LaratrustRouteGuard middleware checks abilities on route navigation using the policies defined in routes. Route parameters can pass dynamic context to validation logic.

Before Mount Hook

Components can integrate a beforeMount lifecycle hook to validate access before rendering content. This prevents unauthorized data display.

Error Handling

The authorize method throws customized exceptions on failures. Integrate error capturing to redirect users or display friendly messages instead of stack traces.

For example, controllers can try authorizing and catching failures to return the proper response code.

Consistent checks at these levels ensure interface elements remain restricted as intended throughout navigation and loading. Graceful handling of errors preserves usability.

Route guards centralize navigation rules while components and controllers maintain granular control. Together they fully lock down all portions of the application according to authorization policies.


Effective permission management is critical as applications evolve in complexity. Yet clarity and simplicity must prevail to keep developers productive.

This article demonstrated how Laratrust empowers rigorous controls through an intuitive role-based paradigm. By integrating the package directly into Vuex, policy logic resides where it can be easily maintained – not scattered throughout the codebase.

Teams retain focus on delivering exceptional functionality, not reconciling duplicate authorization workflows between frontends and backends. Updates affect centralized classes rather than hunting throughout millions of lines.

Drawing clear boundaries on access fosters healthier collaboration at scale. Policy changes require single conversations rather than fragmenting understanding. Engineers gain assurance that permission logic will withstand changes over time.

Overall Laratrust streamlines a ubiquitous concern into a lightweight foundation. Development progresses unobstructed by avoidable complexities. Resources redirect fully to crafting seamless experiences that surpass users’ highest expectations.

When permission management no longer hinders but rather empowers, applications break free to reach their greatest potential.

Ready To Start Your Project