In the same way the core listens for navigation items, it also listens for permissions. Your module can push the permissions it needs.
All you have to do is have a
permissions.php file in the modules Config file. This file will contain the permissions for your module.
Each module can define its permissions per category, prefixed by the singular module name. Take for instance the blog module:
'blog.posts' => [
'blog.categories' => [
'blog.tags' => [
That is all, the Core Module will loop over every configuration file and load them.
Once you've setup the appropriate roles with their permissions, you can start checking for them in controllers, views etc.
Do perform this action you can inject the authentication contract which has a
hasAccess() method. It has the following signature:
* Determines if the current user has access to given permission
* @param $permission
* @return bool
public function hasAccess($permission);
An example, to check if a user has access to the users index page in the administration:
Which will return a boolean.