Laravel Fortify

Multi-tenancy arrives for Laravel starter kits Laravel 13 introduces a long-awaited feature to its official starter kits: native team functionality. This shift means developers no longer need to reach for Jetstream or build custom multi-tenant logic from scratch just to handle basic group permissions. The integration is baked directly into the installation process, allowing for immediate scaffolding of team creation, member invitations, and role-based access control. Understanding this implementation is vital for anyone building SaaS products where users must collaborate within isolated workspaces. Prerequisites and installation To use this feature, you must use the Laravel installer and select specific options. - **Livewire**: You must choose the Livewire starter kit. - **Class Components**: You must select **No** when asked if you want single-file functional components; the team's logic currently relies on standard Livewire class components. ```bash laravel new my-team-app Select Livewire -> Class Components -> Yes to Team Support ``` Database architecture and team logic The team system relies on three core tables. The `users` table gains a `current_team_id` to track which workspace the user is currently viewing. The `teams` table stores the owner and the team name. Finally, `team_invitations` handles the state of pending members. Under the hood, Laravel uses Fortify actions to handle the heavy lifting. When a user registers, the `CreateNewUser` action triggers a `CreateTeam` handle. This ensures every user has a personal "home" team by default, preventing null pointer errors when the application expects a team context. Invitation workflows and role hierarchy Accepting an invitation is currently a two-step process. A guest clicks a signed URL, which redirects them to a login or registration page. Once authenticated, the `AcceptInvitation` component validates the email match and attaches the user to the team. The system defines three specific roles: 1. **Owner**: Full control over settings and deletion. 2. **Admin**: Can rename teams and manage invitations. 3. **Member**: Read-only access to team data. Practical example: Role-based view logic You can check permissions directly in your Blade templates or Livewire components using the provided traits. This allows you to hide the "Delete Team" button from anyone who isn't an owner, a best practice for maintaining data integrity in collaborative environments. ```php @if (auth()->user()->ownsTeam($team)) <button wire:click="deleteTeam">Delete Team</button> @endif ``` Tips and common gotchas One notable quirk is the registration flow. If a user is invited via `[email protected]` but registers with a different email, they will not be automatically added to the team. Always ensure your users know the invitation is tied to the specific recipient email. Additionally, remember to run `php artisan queue:work`, as team invitations are dispatched as queued notifications by default.