Access to different parts of the application is controlled by Roles and Permissions .

In the application seed, we defined 5 user roles and a set of permissions. We recommend using these and add additional roles when needed. The default roles are the following,

1. super admin has access to every part of the application. No need to assign any permission to this role.
2. administrator has all the permissions created initially. For newly created permissions, you need to assign those separately.
3. manager can view the Admin Backed as view_backend permission is included with this role.
4. executive is the same as the manager role, it only has view_backend permission.
5. user role does not have any permission attached.

There are two different approaches to creating roles and permissions. One approach is to generate permission sets for all the actions of CRUD operations. Another approach is to generate one or multiple permissions and roles using artisan commands.

While extending the application we may need to create new CRUD operations and assign permission to each action. You can create permissions separately but there is a simple command to generate all of those at once. There is an Authorizable class that is being used to check these role-permissions. Generate the permissions and add the Authorizable class to your controller and the application will handle access to each of the actions of the CRUD controller.

php artisan auth:permissions authors

If you run the command mentioned above, it will create the following permissions: view_authors, add_authors, edit_authors, delete_authors, restore_authors

These permissions add the ability for the controller to perform related actions.

To delete crud permissions set you have to use the command as mentioned below.

PHP
 auth:permissions {name} {--remove}

A Role can be created from the application backend. Users with the super admin or administrator role can create new roles from the backend.

There is no way to create, edit, or delete any permission from the backend admin area. But you can use artisan commands to create new permissions and sets of permissions for CRUD operations.

You can create a role or permission from the console with artisan commands.

php artisan permission:create-role writer

php artisan permission:create-permission "
edit articles
"

When creating permissions/roles for specific guards you can specify the guard names as a second argument:

php artisan permission:create-role writer web

php artisan permission:create-permission "
edit articles
" web

When creating roles you can also create and link permissions at the same time:

php artisan permission:create-role writer web "create articles|edit articles"

There is also a show command to show a table of roles and permissions per guard:

php artisan permission:show

When you use the built-in functions for manipulating roles and permissions, the cache is automatically reset for you, and relations are automatically reloaded for the current model record.

See the Advanced-Usage/Cache section of these docs for detailed specifics.

If you need to manually reset the cache for this package, you may use the following artisan command:

php artisan permission:cache-reset

Again, it is more efficient to use the API provided by this package, instead of manually clearing the cache.

We are using laravel-permission package for access control. You can check their documentation for more details.