Nubos StarterKit

Appearance

Identity Pro

Advanced permissions, groups, and impersonation for Nubos applications.

Packagenubos/identity-pro
Price290 EUR (one-time, per project)
Requiresnubos/starter-kit (base)
StatusIn development

Overview

The base Starter Kit gives you simple role assignment -- owner, admin, member. Identity Pro replaces that with a full permission system. You get granular, action-level permissions bundled into roles, user groups that work independently of your organization hierarchy, and a safe impersonation mechanism for support and debugging.

This is a paid Composer package. There is no code in the Starter Kit repository. You install it like any private dependency once you have a license.

Features

Fine-Grained Role-Based Permissions

Permissions are plain strings scoped to specific actions -- projects.create, billing.manage, reports.export. You assign permissions to roles, and roles to users. Direct user-level permission overrides are also supported.

The module hooks into Laravel's Gate. Existing can(), authorize(), and policy checks continue to work. Permissions and roles are stored in the database and manageable at runtime.

User Groups

Groups let you organize users outside the team or workspace hierarchy. A user can belong to multiple groups. Groups can carry their own permissions, which are merged with role-based and direct permissions during authorization checks.

Use groups for department structures, project committees, access tiers -- whatever your domain requires.

User Impersonation

Authorized administrators can start an impersonation session to act as another user. The admin's original session is preserved and can be restored at any time. Every impersonation event is recorded with timestamp and actor identity.

Impersonation is gated behind a dedicated permission. Without it, the feature is inaccessible -- there is no global admin bypass.

Installation

bash
composer require nubos/identity-pro

You need valid Packeton credentials in your auth.json (provided with your license). The package auto-discovers its service provider.

Publish and run the migrations:

bash
php artisan vendor:publish --tag=identity-pro-migrations
php artisan migrate

Publish the config file:

bash
php artisan vendor:publish --tag=identity-pro-config

This creates config/identity-pro.php where you can configure permission discovery, default roles, group behaviour, and impersonation restrictions.

Detailed installation and configuration steps will be finalized with the first stable release.

Topology Support

Identity Pro works with every Starter Kit setup:

  • Standalone (no tenancy)
  • Single-database tenancy
  • Multi-database tenancy

The module detects your configuration and adjusts scoping and migrations accordingly.

Extending

The module exposes its models (Role, Permission, Group) and service classes. You can:

  • Add custom permission checks by extending the provided PermissionRegistrar.
  • Listen to events like UserImpersonated, RoleAssigned, or GroupMemberAdded to hook into your own workflows.
  • Swap any bound implementation via Laravel's container if the default behaviour does not fit your needs.

What Is Not Included

  • Audit Trail -- event logging and change history are a separate module, not part of Identity Pro.
  • Two-factor authentication -- handled by the base Starter Kit via Laravel Fortify.
  • OAuth / social login -- handled at the application level with Passport or Socialite.

Documentation

Full configuration reference, API documentation, and migration guides will ship with the first release.