Nubos StarterKit

Appearance

Identity Pro

Advanced permissions, groups, and impersonation for Nubos applications.

Packagenubos/identity-pro
Price290 EUR (one-time, per project)
Requiresnubos/starter-kit (base)
StatusIn development

Overview

The base Starter Kit already includes a database-backed roles and permissions system with fixed system roles (owner, admin, member), scoped role assignments, and permission checks via Gate::before. See Roles & Permissions for the full reference.

Identity Pro extends that foundation. It adds custom roles that users can create and manage at runtime, user groups independent of the organization hierarchy, and a safe impersonation mechanism for support and debugging. The underlying database schema (roles, permissions, role_permission, role_assignments) is shared -- Identity Pro builds on top of it, it does not replace it.

This is a paid Composer package. There is no code in the Starter Kit repository. You install it like any private dependency once you have a license.

Features

Custom Roles

The Starter Kit ships with fixed system roles (is_system = true) that cannot be modified or deleted. Identity Pro adds the ability for organization admins to create custom roles at runtime, assign any combination of permissions to them, and manage them through a UI. System roles remain protected.

Role Hierarchy

Custom roles can optionally inherit from a base role. An "Editor" role inheriting from "Member" automatically receives all member permissions plus any additional ones assigned to the Editor role.

Fine-Grained Permission Management

The Starter Kit already stores permissions in the database and checks them via Gate. Identity Pro adds a management UI (Vue components) for browsing, assigning, and revoking permissions per role. Permission groups are rendered as categories in the UI.

User Groups

Groups let you organize users outside the team or workspace hierarchy. A user can belong to multiple groups. Groups can carry their own permissions, which are merged with role-based and direct permissions during authorization checks.

Use groups for department structures, project committees, access tiers -- whatever your domain requires.

User Impersonation

Authorized administrators can start an impersonation session to act as another user. The admin's original session is preserved and can be restored at any time. Every impersonation event is recorded with timestamp and actor identity.

Impersonation is gated behind a dedicated permission. Without it, the feature is inaccessible -- there is no global admin bypass.

Installation

bash
composer require nubos/identity-pro

You need valid Packeton credentials in your auth.json (provided with your license). The package auto-discovers its service provider.

Publish and run the migrations:

bash
php artisan vendor:publish --tag=identity-pro-migrations
php artisan migrate

Publish the config file:

bash
php artisan vendor:publish --tag=identity-pro-config

This creates config/identity-pro.php where you can configure permission discovery, default roles, group behaviour, and impersonation restrictions.

Detailed installation and configuration steps will be finalized with the first stable release.

Topology Support

Identity Pro works with every Starter Kit setup:

  • Standalone (no tenancy)
  • Single-database tenancy
  • Multi-database tenancy

The module detects your configuration and adjusts scoping and migrations accordingly.

Extending

The module builds on the Starter Kit's existing Role, Permission, and RoleAssignment models. It adds Group and extends the service layer. You can:

  • Add custom permission checks by extending the provided PermissionRegistrar.
  • Listen to events like UserImpersonated, RoleAssigned, or GroupMemberAdded to hook into your own workflows.
  • Swap any bound implementation via Laravel's container if the default behaviour does not fit your needs.

What Is Not Included

  • Audit Trail -- event logging and change history are a separate module, not part of Identity Pro.
  • Two-factor authentication -- handled by the base Starter Kit via Laravel Fortify.
  • OAuth / social login -- handled at the application level with Passport or Socialite.

Documentation

Full configuration reference, API documentation, and migration guides will ship with the first release.