Roles and Permissions


Last updated 5 years ago

In the default QuickAdminPanel generator, we generate two user roles: Administrator and Simple User. They both have the same permissions for all CRUDs and Modules, except for User Management, which is available only to the Administrator.

The whole permissions system is stored in these database tables:

  • permissions

  • roles

  • permission_role

  • role_user

Every CRUD has five default permissions generated:

  • *_access (whether the user sees the menu item in the sidebar)

  • *_create (whether the user can access the create form and add a new record)

  • *_edit (whether the user can access the edit form and update an existing record)

  • *_show (whether the user can access the "show" page of a record)

  • *_delete (whether the user can delete records)

These records are seeded with Seeder files, see examples below:

If you want to change permissions in the downloaded panel, log in as the Administrator user, go to the menu item User Management -> Roles, and edit a particular role to assign all the permissions you want it to have.
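How the four tables resolve into a per-user allow/deny decision, plus a quick audit of what one role holds that another lacks, shown as an added example that is not QuickAdminPanel's generated code. The column names (`id`, `title`, `role_id`, `permission_id`, `user_id`), the sample rows, the function names and the `user_access` permission title are assumptions constructed for illustration.

```php
<?php
// Constructed sample rows for the four tables. Column names are assumptions.
$permissions = [
    ['id' => 1, 'title' => 'book_access'], ['id' => 2, 'title' => 'book_create'],
    ['id' => 3, 'title' => 'book_edit'],   ['id' => 4, 'title' => 'book_show'],
    ['id' => 5, 'title' => 'book_delete'],
    ['id' => 6, 'title' => 'user_access'], // constructed name for a User Management permission
];
$roles = [['id' => 1, 'title' => 'Administrator'], ['id' => 2, 'title' => 'Simple User']];
$permissionRole = []; // pivot: Administrator gets everything, Simple User all but user_access
foreach ($permissions as $p) {
    $permissionRole[] = ['role_id' => 1, 'permission_id' => $p['id']];
    if ($p['title'] !== 'user_access') {
        $permissionRole[] = ['role_id' => 2, 'permission_id' => $p['id']];
    }
}
$roleUser = [['role_id' => 1, 'user_id' => 10], ['role_id' => 2, 'user_id' => 11]];

/** Permission titles attached to any of the given role ids. */
function titlesForRoles(array $roleIds, array $permissionRole, array $permissions): array
{
    $permIds = array_column(
        array_filter($permissionRole, fn($pr) => in_array($pr['role_id'], $roleIds, true)),
        'permission_id'
    );
    $rows = array_filter($permissions, fn($p) => in_array($p['id'], $permIds, true));
    return array_values(array_unique(array_column($rows, 'title')));
}

/** Deny by default: unknown users, users without roles and unknown titles all fail. */
function allows(int $userId, string $title, array $roleUser, array $permissionRole, array $permissions): bool
{
    $roleIds = array_column(array_filter($roleUser, fn($r) => $r['user_id'] === $userId), 'role_id');
    return in_array($title, titlesForRoles($roleIds, $permissionRole, $permissions), true);
}

/** Audit helper: titles that role A holds and role B lacks. */
function roleDiff(int $a, int $b, array $permissionRole, array $permissions): array
{
    return array_values(array_diff(
        titlesForRoles([$a], $permissionRole, $permissions),
        titlesForRoles([$b], $permissionRole, $permissions)
    ));
}

var_dump(allows(11, 'book_delete', $roleUser, $permissionRole, $permissions)); // Simple User, book CRUD
var_dump(allows(11, 'user_access', $roleUser, $permissionRole, $permissions)); // Simple User, User Management
var_dump(allows(99, 'book_access', $roleUser, $permissionRole, $permissions)); // user with no role rows
print_r(roleDiff(1, 2, $permissionRole, $permissions)); // what only Administrator holds
```

Running the same role diff against a real panel's tables after editing roles is a quick way to confirm that the only gap between the two default roles is still User Management.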

In the generated code, we check the permissions in every Controller method; see the Gate and abort_unless() calls in this example:

class BooksController extends Controller
{
    public function index()
    {
        abort_unless(\Gate::allows('book_access'), 403);

        $books = Book::all();

        return view('admin.books.index', compact('books'));
    }

    public function create()
    {
        abort_unless(\Gate::allows('book_create'), 403);

        return view('admin.books.create');
    }

    public function store(StoreBookRequest $request)
    {
        abort_unless(\Gate::allows('book_create'), 403);

        $book = Book::create($request->all());

        return redirect()->route('admin.books.index');
    }

    public function edit(Book $book)
    {
        abort_unless(\Gate::allows('book_edit'), 403);

        return view('admin.books.edit', compact('book'));
    }

    public function update(UpdateBookRequest $request, Book $book)
    {
        abort_unless(\Gate::allows('book_edit'), 403);

        $book->update($request->all());

        return redirect()->route('admin.books.index');
    }

    public function show(Book $book)
    {
        abort_unless(\Gate::allows('book_show'), 403);

        return view('admin.books.show', compact('book'));
    }

    public function destroy(Book $book)
    {
        abort_unless(\Gate::allows('book_delete'), 403);

        $book->delete();

        return back();
    }
}

On top of that, we add a check in the Form Request classes; see this example:

class StoreBookRequest extends FormRequest
{
    public function authorize()
    {
        return \Gate::allows('book_create');
    }
}

For more information on how Gates work in Laravel, see the official Laravel documentation.