Roles and Permissions
AdminTW implements a Roles and Permissions system. Users do not hold permissions directly; instead they are assigned roles, and they can have multiple roles, each with its own set of permissions.
The system ships with two roles out of the box: Admin and User.
The Admin role has full access to the system; permission checks do not apply to it.
The User role comes with no permissions by default and has to be configured.
Creating roles on install
When seeding a fresh install you can set the default list of roles by editing `database/seeders/RolesDatabaseSeeder.php`:

```php
<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Illuminate\Database\Eloquent\Model;
use App\Models\Roles\Role;

class RolesDatabaseSeeder extends Seeder
{
    public function run()
    {
        // Allow mass assignment of the role attributes while seeding.
        Model::unguard();

        // Create the two default roles only if they do not already exist.
        Role::firstOrCreate(['name' => 'admin', 'label' => 'Admin']);
        Role::firstOrCreate(['name' => 'user', 'label' => 'User']);
    }
}
```
A role has a name and a label. The label is only a user-friendly display name within the Roles section; when referring to a role in code, use the role name.
Usage of a role
Use an if statement to check whether the current user has a permission; the permission is checked against all roles the user has.

```blade
@if(can('view_dashboard'))
    <x-nav.link route="admin" icon="fas fa-home">Dashboard</x-nav.link>
@endif
```
Roles Helpers
abort_if_cannot
Aborts when the user does not have permission to perform the requested action.
For instance, abort users from seeing user activity when none of their roles grants that permission. The permission is looked up as a boolean, so it can also be used inside if statements.
When the user does not have the permission, the following message is printed: You do not have permissions to (permission name)

```php
abort_if_cannot('view_users_activity')
```

The helper takes two arguments: the name of the permission to check and the HTTP status code. The default status code is 401.

```php
abort_if_cannot(string $action, int $code = 401)
```
abort_permission
This behaves the same as above, but when the permission check returns false, instead of aborting the request globally an error view is returned. This is helpful when you want to show a message without stopping page execution.

```php
abort_permission(string $action, int $code = 401)
```
can
This checks if a user has a given permission and returns a boolean.

```php
can(string $action)
```
cannot
This checks if a user does not have a given permission and returns a boolean.

```php
cannot(string $action)
```
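The resolution rules described in the sections above (a permission is granted if any of the user's roles grants it, the Admin role bypasses checks, and everything else is denied), as an added stand-alone illustration that is not AdminTW's own code; the role and permission names are constructed samples, and the `abortIfCannot` counterpart passes 403 rather than the helper's 401 default because a logged-in user lacking a permission is an authorization failure, not an authentication one.

```php
<?php
// Added illustration, not AdminTW's own code: a stand-alone model of how a check
// such as can('view_dashboard') resolves against a user's roles, following the
// rules described above. Role and permission names are constructed samples.

// Constructed sample roles: role name => permissions that role grants.
$roles = [
    'admin'   => [],                                   // Admin bypasses checks, so no list is needed
    'user'    => [],                                   // the default User role grants nothing
    'support' => ['view_dashboard', 'view_users_activity'],
    'editor'  => ['view_dashboard', 'edit_posts'],
];

// True if any of the user's roles grants $action. The Admin role always passes;
// an unknown role or permission name is denied (fail closed).
function userCan(array $roles, array $userRoles, string $action): bool
{
    foreach ($userRoles as $roleName) {
        if ($roleName === 'admin' || in_array($action, $roles[$roleName] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Counterpart of abort_if_cannot(): throws instead of aborting the request. 403 is
// used here because the user is authenticated but not authorised; AdminTW's helper
// defaults to 401 unless a code is passed.
function abortIfCannot(array $roles, array $userRoles, string $action, int $code = 403): void
{
    if (!userCan($roles, $userRoles, $action)) {
        throw new RuntimeException("You do not have permissions to {$action}", $code);
    }
}
// Constructed checks, each compared against the result the rules above require.
$cases = [
    [['user'], 'view_dashboard', false],            // User role grants nothing
    [['user', 'editor'], 'view_dashboard', true],   // granted through a second role
    [['editor'], 'view_users_activity', false],     // no held role grants it
    [['admin'], 'delete_everything', true],         // Admin bypass, even for an unknown permission
    [['ghost'], 'view_dashboard', false],           // unknown role is denied
];
foreach ($cases as [$held, $action, $expected]) {
    echo userCan($roles, $held, $action) === $expected ? "pass\n" : "FAIL: {$action}\n";
}
try {
    abortIfCannot($roles, ['editor'], 'view_users_activity');
} catch (RuntimeException $e) {
    echo $e->getMessage() . " (HTTP {$e->getCode()})\n";
}
```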
Managing Roles
From the admin panel, as long as you have an Admin role, you can access the Roles and Permissions section. From here you can add, edit and remove roles, except for the Admin role, which cannot be changed.
When editing a role, all of its permissions are displayed and can be turned on and off by checking the boxes.
Applying Roles to Users
To give a user roles, edit their account and scroll to the bottom of the page to find the roles section; check each box to give the user that role.