# Roles and Permissions

Voyager comes with Roles and Permissions out of the box. Each *User* has a *Role* which has a set of *Permissions*.

Inside the dashboard you can add, edit, or delete roles. Additionally, when you edit a particular role you can specify its BREAD permissions.

![](https://3810301784-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3VUx0upabB9nOVwXnSOn%2Fuploads%2Fgit-blob-182be5b7ba1706299087346f93c3cc82f59dd0a4%2Frole.png?alt=media)

New in version 1.0, we've changed Voyager's authorization system to be [more in line with Laravel](https://laravel.com/docs/authorization#authorizing-actions-using-policies)! This means that you can check for permissions in the following ways:

```php
// via user object
$canViewPost = $user->can('read', $post);
$canViewPost = Auth::user()->can('read', $post);

// via controller (throws an AuthorizationException when denied, so there is no boolean to capture)
$this->authorize('read', $post);
```

Out of the box there are some permissions you can use by default:

* `browse_admin`: Whether or not the user may browse the Voyager admin panel.
* `browse_database`: Whether or not the user may browse the Voyager database menu section.
* `browse_bread`: Whether or not the user may browse the Voyager BREAD menu section.
* `browse_media`: Whether or not the user may browse the Voyager media section.
* `browse_menu`: Whether or not the user may browse the Voyager menu section.
* `browse_settings`: Whether or not the user may browse the Voyager settings section.
* `read_settings`: Whether or not the user can view or see a particular setting.
* `edit_settings`: Whether or not the user can edit a particular setting.
* `add_settings`: Whether or not the user can add a new setting.
* `delete_settings`: Whether or not the user can delete a particular setting.

Additionally, you can `Generate permissions` for every BREAD type you create. This will create the `browse`, `read`, `edit`, `add` and `delete` permissions.

As an example, perhaps we are creating a new BREAD type from a `products` table. If we choose to `Generate permissions` for our `products` table, our permission keys will be `browse_products`, `read_products`, `edit_products`, `add_products` and `delete_products`.

{% hint style="info" %}
**Notice**\
If a menu item is associated with any kind of BREAD, then it will check for the `browse` permission. For example, the `Posts` BREAD menu item will check for the `browse_posts` permission. If the user does not have the required permission, that menu item will be hidden.
{% endhint %}

## Creating permissions for custom page

If you create a custom page and want to allow only specific user roles to access it, you may use permissions.

This only works if your slug comes directly after `/admin/`. For a custom page of the form `/admin/sub/foo`, the menu item will not be hidden from the menu.

### Create permission

First, create a permission in the permissions table (you could use BREAD, for example; the model name is `TCG\Voyager\Models\Permission`). The column `table_name` should be set to null. The column `key` should be of the form `browse_slug`, where `slug` is replaced with the actual slug of your custom page. For example, to restrict access to your custom page with the URL `/admin/create_bill`, you may create the permission `browse_create_bill`.

### Set role

At `admin/roles`, check the permission for each role that you wish to grant access to. In the above example you would find a new checkbox called "Browse Create Bill". If a user does not have the required permission, the menu item leading to your custom page will be hidden.

### Customize controller

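Hiding the menu item does not stop a direct request to the page's URL, so enforce the permission in the controller as well. To do so, you may create your own [gate](https://laravel.com/docs/authorization#gates)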

```php
use Illuminate\Support\Facades\Gate;

Gate::define('browse_create_bill', function ($user) {
    // True when the user's role holds the permission key.
    return $user->hasPermission('browse_create_bill');
});
```

to use `authorize` in your controller:

```php
public function index()
{
  // Throws an AuthorizationException (HTTP 403) if the user lacks the permission.
  $this->authorize('browse_create_bill');
  //..
}
```

If you do so, make sure to add the custom guard to your controller:

```php
  /**
   * Get the guard to be used during authentication.
   *
   * @return \Illuminate\Contracts\Auth\StatefulGuard
   */
  protected function guard()
  {
      return Auth::guard(app('VoyagerGuard'));
  }
```
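
The "Create permission" and "Set role" steps can also be done in code so that they are repeatable across environments. The seeder below is an added example, not part of Voyager or the original page; the class name `CreateBillPermissionSeeder` and the choice of the `admin` role are assumptions to adapt to your application.

```php
<?php

namespace Database\Seeders;

use Illuminate\Database\Seeder;
use TCG\Voyager\Models\Permission;
use TCG\Voyager\Models\Role;

// Hypothetical seeder name; not shipped with Voyager.
class CreateBillPermissionSeeder extends Seeder
{
    // Assumption: only these roles may reach /admin/create_bill.
    // Keep the list as short as possible (least privilege).
    private const GRANTED_ROLES = ['admin'];

    public function run(): void
    {
        // key = browse_<slug> and table_name = null, as described above.
        // firstOrCreate keeps the seeder idempotent across repeated runs.
        $permission = Permission::firstOrCreate([
            'key'        => 'browse_create_bill',
            'table_name' => null,
        ]);

        foreach (self::GRANTED_ROLES as $name) {
            // Fail loudly if the role is missing instead of silently granting nothing.
            $role = Role::where('name', $name)->firstOrFail();

            // Add the permission without detaching the role's existing ones.
            $role->permissions()->syncWithoutDetaching([$permission->id]);
        }
    }
}
```

Roles not listed in `GRANTED_ROLES` are left untouched, so the gate and `authorize` call shown above deny them by default.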

## Using Permissions in your Blade Template files

You can also check for permissions using Blade syntax. For instance, to check whether a user can `browse_posts`, use the following syntax:

```php
@can('browse', $post)
    I can browse posts
@endcan
```

Or perhaps you need to run an else condition for a permission. That's simple enough:

```php
@can('browse', $post)
    I can browse posts
@else
    I cannot browse posts
@endcan
```

Couldn't be easier, right ;)


