Using Authorization
Configuration
Change Available Groups
The available groups are defined in the app/Config/AuthGroups.php config file, under the $groups
property. Add new entries to the array, or remove existing ones to make them available throughout your application.
public array $groups = [
'superadmin' => [
'title' => 'Super Admin',
'description' => 'Complete control of the site.',
],
//
];
Set the Default Group
When a user registers on your site, they are assigned the group specified at Config\AuthGroups::$defaultGroup
. Change this to one of the keys in the $groups
array to update this.
Change Available Permissions
The permissions on the site are stored in the AuthGroups
config file also. Each one is defined by a string that represents a context and a permission, joined with a decimal point.
public array $permissions = [
'admin.access' => 'Can access the sites admin area',
'admin.settings' => 'Can access the main site settings',
'users.manage-admins' => 'Can manage other admins',
'users.create' => 'Can create new non-admin users',
'users.edit' => 'Can edit existing non-admin users',
'users.delete' => 'Can delete existing non-admin users',
'beta.access' => 'Can access beta-level features',
];
Note
Permissions should be written in lowercase letters. Some functions automatically convert the given permission parameter to lowercase letters, and using uppercase letters may cause compatibility problems.
Assign Permissions to a Group
Each group can have its own specific set of permissions. These are defined in Config\AuthGroups::$matrix
. You can specify each permission by it's full name, or using the context and an asterisk (*) to specify all permissions within that context.
public array $matrix = [
'superadmin' => [
'admin.*',
'users.*',
'beta.access',
],
//
];
Assign Permissions to a User
Permissions can also be assigned directly to a user, regardless of what groups they belong to. This is done programatically on the User
Entity.
$user = auth()->user();
$user->addPermission('users.create', 'beta.access');
This will add all new permissions. You can also sync permissions so that the user ONLY has the given permissions directly assigned to them. Any not in the provided list are removed from the user.
$user = auth()->user();
$user->syncPermissions('users.create', 'beta.access');
Check If a User Has Permission
When you need to check if a user has a specific permission use the can()
method on the User
entity. This method checks permissions within the groups they belong to and permissions directly assigned to the user.
if (! auth()->user()->can('users.create')) {
return redirect()->back()->with('error', 'You do not have permissions to access that page.');
}
Note
The example above can also be done through a controller filter if you want to apply it to multiple pages of your site.
Adding a Group To a User
Groups are assigned to a user via the addGroup()
method. You can pass multiple groups in and they will all be assigned to the user.
$user = auth()->user();
$user->addGroup('admin', 'beta');
This will add all new groups. You can also sync groups so that the user ONLY belongs to the groups directly assigned to them. Any not in the provided list are removed from the user.
$user = auth()->user();
$user->syncGroups('admin', 'beta');
Removing a Group From a User
Groups are removed from a user via the removeGroup()
method. Multiple groups may be removed at once by passing all of their names into the method.
$user = auth()->user();
$user->removeGroup('admin', 'beta');
Checking If User Belongs To a Group
You can check if a user belongs to a group with the inGroup()
method.
$user = auth()->user();
if ($user->inGroup('admin')) {
// do something
}
You can pass more than one group to the method and it will return true
if the user belongs to any of the specified groups.
$user = auth()->user();
if ($user->inGroup('admin', 'beta')) {
// do something
}