Roles and Permissions
Last updated
Last updated
Voyager comes with Roles and Permissions out of the box. Each User has a Role which has a set of Permissions.
Inside of the dashboard you can choose to Add, Edit, or delete the current Roles. Additionally when you click to edit a particular role you can specify the BREAD permissions.
New in version 1.0, we've changed Voyager's authorization system to be ! This means that you can check for permissions in the following ways:
Out of the box there are some permissions you can use by default:
browse_admin
: Whether or not the user may browse the Voyager admin panel.
browse_database
: Whether or not the user may browse the Voyager database menu section.
browse_bread
: Whether or not the user may browse the Voyager BREAD menu section.
browse_media
: Whether or not the user may browse the Voyager media section.
browse_menu
: Whether or not the user may browse the Voyager menu section.
browse_settings
: Whether or not the user may browse the Voyager settings section.
read_settings
: Whether or not the user can view or see a particular setting.
edit_settings
: Whether or not the user can edit a particular setting.
add_settings
: Whether or not the user can add a new setting.
delete_settings
: Whether or not the user can delete a particular setting.
Additionally you can Generate permissions
for every BREAD type you create. This will create the browse
, read
, edit
, add
and delete
permission.
As an example, perhaps we are creating a new BREAD type from a products
table. If we choose to Generate permissions
for our products
table. Our permission keys will be browse_products
, read_products
, edit_products
, add_products
and delete_products
.
If you create a custom page and you want only allow specific user roles to access it, you may use permissions.
This only works if your slug comes directly after /admin/
. So for a custom page of the form /admin/sub/foo
the menu item will not be hidden from the menu.
First, create a permission in the permissions table (you could use BREAD for example, model name is TCG\Voyager\Models\Permission
). The column table_name
should be set to null. The column key
should be of the form browse_slug
where slug
has to be replaced with the actual slug of your custom page. For example, to restrict access to your custom page with url /admin/create_bill
you may create the permission browse_create_bill
.
Check the permission for each role that you wish to grant access to the site at admin/roles
. In the above example you would find a new checkbox called "Browse Create Bill". If a user does not have the required permission, the menu item leading to your custom page will be hidden.
to use authorize
in your controller:
If you do so, make sure add the custom guard to your controller:
You can also check for permissions using blade syntax. Let's say for instance that you want to check if a user can browse_posts
, simple enough we can use the following syntax:
Or perhaps you need to run an else condition for a permission. That's simple enough:
Couldn't be easier, right ;)
You may create your own