Implement Attribute-Based Access Control (ABAC) Permission System #5
Description
Is your feature request related to a problem?
Currently, there is no permission system in place, making it difficult to control access to specific actions and resources. Traditional Role-Based Access Control (RBAC) can be too rigid for complex applications, where permissions should depend on attributes rather than just predefined roles.
Describe the solution you'd like.
A flexible Attribute-Based Access Control (ABAC) system where permissions are granted based on:
- User attributes (e.g., role, department, seniority level).
- Resource attributes (e.g., owner, creation date, status).
- Contextual attributes (e.g., time of access, IP address).
- Policy-based rules that allow fine-grained control over access decisions.
The implementation should integrate seamlessly with Laravel 11+, supporting middleware, policies, or a dedicated access control service.
Describe alternatives you've considered.
- Implementing a traditional RBAC system, but this lacks the flexibility needed for dynamic permission handling.
- Using Laravel Gates and Policies, but these are more suited for simple access control rather than complex attribute-based logic.
- Relying on third-party ACL packages, but many are either outdated or focused on RBAC instead of ABAC.
Other
A configuration or UI for managing permission rules dynamically would be a valuable addition tho not being a must as abac systems are difficult to get into a for example database.