-
Notifications
You must be signed in to change notification settings - Fork 429
Role Permission
Access to different parts of the application is controlled by Roles and Permissions.
In the application seed, we defined 5 user roles and a set of permissions. We recommend using these and add additional roles when needed. The default roles are the following,
-
super admin
has access to every part of the application. No need to assign any permission to this role. -
administrator
has all the permissions created initially. For newly created permissions, you need to assign those separately. -
manager
can view the Admin Backed asview_backend
permission is included with this role. -
executive
is the same as themanager
role, it only hasview_backend
permission. -
user
role does not have any permission attached.
There are two different approaches to creating roles and permissions. One approach is to generate permission sets for all the actions of CRUD operations. Another approach is to generate one or multiple permissions and roles using artisan commands.
While extending the application we may need to create new CRUD operations and assign permission to each action. You can create permissions separately but there is a simple command to generate all of those at once. There is an Authorizable class that is being used to check these role-permissions. Generate the permissions and add the Authorizable class to your controller and the application will handle access to each of the actions of the CRUD controller.
php artisan auth:permissions authors
If you run the command mentioned above, it will create the following permissions: view_authors, add_authors, edit_authors, delete_authors, restore_authors
These permissions add the ability for the controller to perform related actions.
To delete crud permissions
set you have to use the command as mentioned below.
PHP auth:permissions {name} {--remove}
A Role
can be created from the application backend. Users with the super admin
or administrator
role can create new roles from the backend.
There is no way to create, edit, or delete any permission from the backend admin area. But you can use artisan commands to create new permissions and sets of permissions for CRUD operations.
You can create a role or permission from the console with artisan commands.
php artisan permission:create-role writer
php artisan permission:create-permission "edit articles"
When creating permissions/roles for specific guards you can specify the guard names as a second argument:
php artisan permission:create-role writer web
php artisan permission:create-permission "edit articles" web
When creating roles you can also create and link permissions at the same time:
php artisan permission:create-role writer web "create articles|edit articles"
There is also a show command to show a table of roles and permissions per guard:
php artisan permission:show
When you use the built-in functions for manipulating roles and permissions, the cache is automatically reset for you, and relations are automatically reloaded for the current model record.
See the Advanced-Usage/Cache section of these docs for detailed specifics.
If you need to manually reset the cache for this package, you may use the following artisan command:
php artisan permission:cache-reset
Again, it is more efficient to use the API provided by this package, instead of manually clearing the cache.
We are using laravel-permission package for access control. You can check their documentation for more details.