To set up middleware for the Spatie Laravel Permission package, follow these detailed steps according to your Laravel version, especially considering Laravel 11 changes:
1. Register Middleware Aliases
Spatie provides three middleware classes for role and permission checks:
- `RoleMiddleware` - checks if a user has a specific role.
- `PermissionMiddleware` - checks if a user has a specific permission.
- `RoleOrPermissionMiddleware` - checks if a user has either a role or permission.
You need to register these middleware aliases so you can easily use them in routes or controllers.
- In Laravel 11:**
Laravel 11 no longer uses the `app/Http/Kernel.php` file for middleware registration. Instead, you register middleware aliases in the `/bootstrap/app.php` file using the `withMiddleware` method:
php
$app->withMiddleware(function ($middleware) {
$middleware->alias([
'role' => \Spatie\Permission\Middleware\RoleMiddleware::class,
'permission' => \Spatie\Permission\Middleware\PermissionMiddleware::class,
'role_or_permission' => \Spatie\Permission\Middleware\RoleOrPermissionMiddleware::class,
]);
});
This registers the middleware aliases `'role'`, `'permission'`, and `'role_or_permission'` for use throughout your app[1][5][7].
- In Laravel 9 and 10:**
You add the middleware aliases in `app/Http/Kernel.php` inside the `$middlewareAliases` array:
php
protected $middlewareAliases = [
// other middleware...
'role' => \Spatie\Permission\Middleware\RoleMiddleware::class,
'permission' => \Spatie\Permission\Middleware\PermissionMiddleware::class,
'role_or_permission' => \Spatie\Permission\Middleware\RoleOrPermissionMiddleware::class,
];
Note that the namespace is singular `Middleware` (not `Middlewares`) as per Spatie v6 update[1][9].
2. Use Middleware in Routes or Controllers
Once registered, you can use the middleware aliases in your route definitions or controller constructors.
- In routes:**
php
Route::group(['middleware' => ['role:admin']], function () {
// routes accessible only to users with 'admin' role
});
Route::group(['middleware' => ['permission:edit articles|delete articles']], function () {
// routes accessible if user has either 'edit articles' or 'delete articles' permission
});
- In controllers:**
You can apply middleware in the controller constructor:
php
public function __construct()
{
$this->middleware('permission:create_customer|delete_customer|edit_customer');
}
Note that when you specify multiple permissions separated by `|`, the middleware allows access if the user has *any* of those permissions[1][2][6].
3. Middleware via Static Methods
Alternatively, you can apply middleware by calling static `using` methods on the middleware classes, which accept either an array or pipe-separated string of roles or permissions:
php
Route::group(['middleware' => [\Spatie\Permission\Middleware\RoleMiddleware::using('manager')]], function () {
// routes for 'manager' role
});
Route::group(['middleware' => [\Spatie\Permission\Middleware\PermissionMiddleware::using('publish articles|edit articles')]], function () {
// routes for users with either permission
});
This approach can be useful for dynamic or programmatic middleware assignment[1].
4. Important Notes
- Make sure you use the correct namespace: `Spatie\Permission\Middleware` (singular), not `Middlewares`.
- If you encounter errors like "Target class [role] does not exist," it usually means middleware aliases are not registered properly, especially in Laravel 11 where the kernel file is removed[7][9].
- For more granular authorization (e.g., different permissions for different controller methods), consider using Laravel's policy feature alongside Spatie permissions[2].
By following these steps, you can properly set up and use Spatie middleware for role and permission management in your Laravel application.
Citations:
[1] https://spatie.be/docs/laravel-permission/v6/basic-usage/middleware
[2] https://stackoverflow.com/questions/66920162/how-to-use-spatie-permission-middleware-in-laravel
[3] https://spatie.be/docs/laravel-permission/v6/installation-laravel
[4] https://laravel.io/forum/how-to-properly-use-controller-middleware
[5] https://www.interviewsolutionshub.com/post/how-to-register-spatie-package-middleware-in-laravel-11
[6] https://dev.to/elvisans/managing-permissions-in-laravel-applications-using-spatie-1le
[7] https://github.com/spatie/laravel-permission/discussions/2665
[8] https://www.youtube.com/watch?v=GOeB0JFwoJQ
[9] https://stackoverflow.com/questions/77370274/target-class-spatie-permission-middlewares-permissionmiddleware-does-not-exist