Permissions

Core Module


Introduction

In the same way the core listens for navigation items, it also listens for permissions. Your module can push the permissions it needs.

Usage

All you have to do is have a permissions.php file in the modules Config file. This file will contain the permissions for your module.

Each module can define its permissions per category, prefixed by the singular module name. Take for instance the blog module:

<?php

return [
    'blog.posts' => [
        'index',
        'create',
        'store',
        'edit',
        'update',
        'destroy'
    ],
    'blog.categories' => [
        'index',
        'create',
        'store',
        'edit',
        'update',
        'destroy'
    ],
    'blog.tags' => [
        'index',
        'create',
        'store',
        'edit',
        'update',
        'destroy'
    ],
];

That is all, the Core Module will loop over every configuration file and load them.

Authentication contract

Once you've setup the appropriate roles with their permissions, you can start checking for them in controllers, views etc.

Do perform this action you can inject the authentication contract which has a hasAccess() method. It has the following signature:

/**
 * Determines if the current user has access to given permission
 * @param $permission
 * @return bool
 */
public function hasAccess($permission);

An example, to check if a user has access to the users index page in the administration:

$this->auth->hasAccess('users.index');

Which will return a boolean.

Mobile Analytics