How I Built a Complete Multi-Tenancy System for My Laravel SaaS - Without Spatie

Every SaaS application needs to answer one question on every single request: "who can do what in which company?" Sounds simple. It's not. I've been building Kohana.io - a SaaS CRM/ERP for small businesses. The multi-tenancy module took longer than any other module to get right. Not because the code is complex, but because the decisions are complex: single database or separate databases? Config-driven or database-driven permissions? How do you handle permission overrides? What happens when a user gets a 403? Now I'm extracting this module into LaraFoundry - an open-source Laravel SaaS framework - so nobody has to make these decisions from scratch again. Here's exactly how it works. Architecture Overview Component Purpose 'BelongsToCompany' trait Automatic query filtering by active company 'config/roles-and-permissions.php' All permissions defined in one place Gate classes (8 files) Complex authorization logic per module 'HasRolesAndPermissions' trait 5-level permission hierarchy on User