Roles and Permissions

AdminTW implements a Roles and Permissions system. Users do not hold permissions directly; instead they are assigned roles, they can have multiple roles, and each role carries its own permissions.

The system comes with 2 roles out of the box: Admin and User.

Admin roles have full access to the system; permission checks do not apply to Admin roles.

Users come with no permissions by default and will have to be configured.

Creating roles on install

When seeding a fresh install you can set a default list of roles by editing `database/seeders/RolesDatabaseSeeder.php`:

<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Illuminate\Database\Eloquent\Model;
use App\Models\Roles\Role;

class RolesDatabaseSeeder extends Seeder
{
    public function run()
    {
        // Allow mass assignment of 'name' and 'label' while seeding.
        Model::unguard();

        // firstOrCreate() keeps the seeder idempotent: re-running it does not duplicate roles.
        Role::firstOrCreate(['name' => 'admin', 'label' => 'Admin']);
        Role::firstOrCreate(['name' => 'user', 'label' => 'User']);

        // Add any further default roles for a fresh install here.
    }
}

A role has a name and a label. The label is used only as a user-friendly name within the Roles section; when referring to roles in code, use the role name.

Usage of a role

Check in an if statement whether the current user has a permission; the permission is checked against all roles the user has.

@if(can('view_dashboard'))
    <x-nav.link route="admin" icon="fas fa-home">Dashboard</x-nav.link>
@endif

Roles Helpers

abort_if_cannot

Abort when the user does not have permission to perform the requested action.

For instance, abort users from seeing user activity when none of their roles grants that permission. The action is looked up as a boolean, so it can also be used inside if statements.

When the user does not have permission the following message is printed: You do not have permissions to (permission name)

    abort_if_cannot('view_users_activity')

The helper takes 2 arguments: the name to check and the status code. The default status code is 401.

abort_if_cannot(string $action, int $code = 401)

abort_permission

This performs the same check as above, but when the permission check returns false an error view is returned instead of aborting the request. This is helpful if you want to show a message without stopping page execution.

abort_permission(string $action, int $code = 401)

can

This checks if a user has a given permission and returns a boolean.

can(string $action)

cannot

This checks if a user does not have a given permission and returns a boolean.

cannot(string $action)
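The resolution rule described above (a permission is granted if any of the user's roles carries it, Admin roles bypass the check, and roles are matched by name rather than label), as an added stand-alone illustration that is not AdminTW's own code. The Role and User classes and the sample roles below are assumptions constructed for the example.

```php
<?php
// Added illustration of the role/permission resolution rule; not AdminTW's implementation.
declare(strict_types=1);

final class Role
{
    /** @param string[] $permissions */
    public function __construct(
        public readonly string $name,        // machine name used in code, e.g. 'editor'
        public readonly string $label,       // display label only, never used for checks
        public readonly array $permissions = [],
    ) {}
}

final class User
{
    /** @param Role[] $roles */
    public function __construct(public readonly array $roles) {}

    // A user can do $action if any of their roles grants it. The 'admin' role
    // bypasses the permission table entirely, as the documentation describes.
    public function can(string $action): bool
    {
        foreach ($this->roles as $role) {
            if ($role->name === 'admin' || in_array($action, $role->permissions, true)) {
                return true;
            }
        }
        return false;
    }

    public function cannot(string $action): bool
    {
        return !$this->can($action);
    }
}

// Constructed sample data: the two stock roles plus one custom role.
$admin  = new Role('admin', 'Admin');                                       // no permission list needed
$user   = new Role('user', 'User');                                         // fresh install: no permissions
$editor = new Role('editor', 'Content Editor', ['view_dashboard', 'edit_posts']);

$alice = new User([$user, $editor]);   // multiple roles: permissions are combined
$bob   = new User([$user]);            // default role only: every check fails
$root  = new User([$admin]);           // admin: every check passes

foreach (['view_dashboard', 'view_users_activity'] as $action) {
    printf("%-20s alice=%s bob=%s root=%s\n", $action,
        var_export($alice->can($action), true),
        var_export($bob->can($action), true),
        var_export($root->can($action), true));
}
// Checks use the role name ('editor'); the label 'Content Editor' would never match.
```

When calling the real abort_if_cannot or abort_permission helper, note that 401 conventionally signals a missing or invalid login, whereas a logged-in user who lacks a permission is usually answered with 403, so pass the status code explicitly if you want that distinction in your responses.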

Managing Roles

From the admin, as long as you have an Admin role, you can access the Roles and Permissions section. From here you can add, edit and remove roles, except for the Admin role, which cannot be changed.

[Screenshot: Managing Roles]

When editing a role, all of its permissions are displayed. From here the permissions can be turned on and off by checking the boxes.

[Screenshot: Editing Roles]

Applying Roles to Users

To give a user roles, edit their account and scroll to the bottom of the page to find the roles section; check each box to give the user that role.

Make sure there is always a user with Admin access. There is validation to help prevent you from locking yourself out!

[Screenshot: User Roles]

© 2022 AdminTW. All rights reserved.

Built by David Carr