You can try Sentry 2 - a robust solution for authentication, authorization, and ACL. This library started as a bundle of Laravel, but evolved into a package that can be installed in other frameworks. Here is the specific link for integration with Laravel 4:
link
And follow the link to the permissions documentation:
link
If you prefer to build your own solution, instead of using a ready solution, my suggestion is to use three tables:
Your Users table.
A table of actions .
A many-to-many connection table linking the two (" users ")
You may also want to consider:
A table of levels .
A many-to-many connection table linking tiers with actions (" tiers ")
In this case, you can either delete the table "users_auts" and save only a "id_level" in the "users" table, applying only level permissions ... or keep the "user_users" table and apply a level to a user - which would copy actions from "level" to "user", but still allowing individual fine-tuning. This would be the most robust version.
You will have the job of defining actions in the "actions" table, and defining which actions each "level" can perform and / or which actions each user can perform.
In addition to the structure and storage in the database, you will need some filter or other mechanism that checks whether or not the user is allowed to perform certain action.
And, to a finer degree, you may want the interface itself to display or not interaction elements, based on permissions.
I've already assembled a CMS with all that I'm describing above - each user sees only the options in the menu and the buttons of the actions that are allowed. It was really cool. Of course, on the backend the system checks the permissions - because if the difference is only in the interface, a user would be able to be successful in forging an HTTP request for an action that he is not allowed to perform. >
I went further: a user who has permission to give / remove permissions from other users can only "delegate" those actions that he himself has permission to execute. In the interface, made in ExtJS, a "checkbox-tree" appears, where you can mark / unmark a whole group of actions at once, or each one individually ...
Here are the tips and comments.