ZHXCore CMS

Roles and Permissions


About

By using the roles and permissions built into ZHXCore, you can permit or restrict access to every area of the backend for an unlimited number of roles or permissions.

Adding Roles

Roles are stored in the database, allowing you to create an unlimited number of roles. Each role can be assigned to any user. Each role is assigned permissions that open or close certain areas of the application. Roles are created in the administration area of the platform.

Adding Permissions

Permissions are created and maintained in the codebase of the application. Each feature/plugin may create any number of permissions at development time; when active, these are assigned to roles from the administration panel.

{info} By default, each plugin created with the command will provide you with List, Create, Edit and Delete permissions.

Available Methods

hasPermission( string $flag)

Returns True or False

This method is called on the user object and requires the permission flag to be passed to it. It returns true if the user has the permission or false if they do not.

hasAnyPermissions( array $flags)

Returns True or False

Same as hasPermission, but accepts an array of permission flags and will return true if any of them exist within the user's role.

Code Example
if (Auth::user()->hasPermission('docs.show')) {
    // Yes, has permission
} else {
    // No, does not have permission
}

if (Auth::user()->hasAnyPermissions(['docs.show', 'docs.list'])) {
    // Yes, has one or more of the permissions
} else {
    // No, does not have any of the permissions
}

Implementing Permissions

Default Procedure

The default procedure uses the route name as the permission flag when checking access. That is, if no permission => 'flag' is set, the route name is used to determine access.

If a permission flag is set on a route (permission => 'flag'), then this flag will be used to determine access.

If the permission flag superuser is set on a route (permission => 'superuser'), only super users will be able to access it.

Implementing on a specific route

You can require a permission on any route by setting permission => 'flag' on it.

For example, if we have a docs.show permission, we could limit access to a route by setting our route to:

Route::get('example', [
    'as'   => 'docs.example',
    'uses' => '[email protected]',
    'permission' => 'docs.show'
]);

You can also restrict a specific route so that only a super user can access it. To do this, you would do the following:

Route::get('example', [
    'as'   => 'docs.example',
    'uses' => '[email protected]',
    'permission' => 'superuser'
]);

Another option is to leave a route open to everyone and not check any permissions. To do this, you would do the following:

Route::get('example', [
    'as'   => 'docs.example',
    'uses' => '[email protected]',
    'permission' => false
]);
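
The resolution rules from Default Procedure and the three route forms above, collected into a small audit helper that reports which flag guards each route and which routes are left open. This is an added example, not ZHXCore's own code: effectivePermission(), the 'mode' labels and the sample route table are hypothetical, and sending values other than false or a non-empty string to review is an assumption, since the page only defines false.

```php
<?php
// Added example, not part of ZHXCore. All names here are hypothetical.

/**
 * Classify one route action array using the documented rules:
 *   no 'permission' key        -> route name ('as') is the flag
 *   'permission' => 'flag'     -> that flag
 *   'permission' => 'superuser'-> super users only
 *   'permission' => false      -> no permission check
 */
function effectivePermission(array $action): array
{
    if (!array_key_exists('permission', $action)) {
        $name = $action['as'] ?? null;
        return $name === null
            ? ['mode' => 'review', 'flag' => null, 'note' => 'no permission key and no route name']
            : ['mode' => 'route-name', 'flag' => $name, 'note' => ''];
    }
    $p = $action['permission'];
    if ($p === false) {
        return ['mode' => 'open', 'flag' => null, 'note' => 'no permission check'];
    }
    if ($p === 'superuser') {
        return ['mode' => 'superuser', 'flag' => 'superuser', 'note' => ''];
    }
    if (is_string($p) && $p !== '') {
        return ['mode' => 'flag', 'flag' => $p, 'note' => ''];
    }
    // Assumption: null, '', 0 and similar are not defined by the docs, so flag them.
    return ['mode' => 'review', 'flag' => null, 'note' => 'permission is neither false nor a flag'];
}

// Constructed sample route table ('uses' omitted; it does not affect the check).
$routes = [
    'docs'         => ['as' => 'docs.list'],
    'docs/example' => ['as' => 'docs.example', 'permission' => 'docs.show'],
    'docs/admin'   => ['as' => 'docs.admin', 'permission' => 'superuser'],
    'docs/public'  => ['as' => 'docs.public', 'permission' => false],
    'docs/draft'   => ['as' => 'docs.draft', 'permission' => null],
];

foreach ($routes as $uri => $action) {
    $r = effectivePermission($action);
    printf("%-13s %-11s %-13s %s\n", $uri, $r['mode'], $r['flag'] ?? '-', $r['note']);
}
```

Rows reported as open or review are the ones to check by hand before a release.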