📙
QuickAdminPanel
📙
QuickAdminPanel
📙
QuickAdminPanel
📙
QuickAdminPanel
QuickAdminPanel Docs
Quick Start: Creating Panel
Creating a Simple CRUD
Radio/Checkbox/Select Fields
Relationships fields: belongsTo/belongsToMany
File/Photo Upload Fields
Multi-language Projects
API Generator
Roles and Permissions
Using the Generated Code
Download Code and Install on Your Web-Server
Push Code to Your Github
Edit Code and Merge Changes
What Files are Inside the CRUD
Modules
AJAX Datatables
System Calendar
Audit Changes Logs
Dashboard and Reports
Multi-Tenancy
CSV Import
Global Search
User Registration
Internal Messages
Change Notifications
Tasks + Calendar
CRUD Templates Modules
Customizing the Code
Datatables Customizations
Upgrade Laravel version
Dependent Dropdowns: Parent-Child
Add Front User Without Admin Permissions
Powered by GitBook

Roles and Permissions

In default QuickAdminPanel generator, we generate two user roles - Administrator and Simple User. They both have the same permissions for all CRUDs and Modules, except for User Management which is available only for administrator.

The whole Permissions system is stored in the database in these DB tables:

  • permissions

  • roles

  • permission_role

  • role_user

Every CRUD has five default permissions generated:

  • *_access (whether user sees menu item in sidebar)

  • *_create (whether user can access create form and add new record)

  • *_edit (whether user can access edit form and update existing record)

  • *_show (whether user can access "show" page of a record)

  • *_delete (whether user can delete records)

These records are seeded with Seeder files, see examples below:

If you want to change permissions in downloaded panel, you can log in as Administrator user and go to menu item User Management -> Roles, and then assign all permissions you want to a particular role, by editing it.

In the generated code, we check the permissions in every method of Controller, see Gate and abort_unless() methods in example:

class BooksController extends Controller
{
    public function index()
    {
        abort_unless(\Gate::allows('book_access'), 403);
​
        $books = Book::all();
​
        return view('admin.books.index', compact('books'));
    }
​
    public function create()
    {
        abort_unless(\Gate::allows('book_create'), 403);
​
        return view('admin.books.create');
    }
​
    public function store(StoreBookRequest $request)
    {
        abort_unless(\Gate::allows('book_create'), 403);
​
        $book = Book::create($request->all());
​
        return redirect()->route('admin.books.index');
    }
​
    public function edit(Book $book)
    {
        abort_unless(\Gate::allows('book_edit'), 403);
​
        return view('admin.books.edit', compact('book'));
    }
​
    public function update(UpdateBookRequest $request, Book $book)
    {
        abort_unless(\Gate::allows('book_edit'), 403);
​
        $book->update($request->all());
​
        return redirect()->route('admin.books.index');
    }
​
    public function show(Book $book)
    {
        abort_unless(\Gate::allows('book_show'), 403);
​
        return view('admin.books.show', compact('book'));
    }
​
    public function destroy(Book $book)
    {
        abort_unless(\Gate::allows('book_delete'), 403);
​
        $book->delete();
​
        return back();
    }
}

On top of that, we add a check in Form Request classes, see example:

class StoreBookRequest extends FormRequest
{
    public function authorize()
    {
        return \Gate::allows('book_create');
    }
}

For more information, how Gates work in Laravel, see official Laravel documentation.

Quick Start: Creating Panel - Previous
API Generator
Next - Using the Generated Code
Download Code and Install on Your Web-Server
Last updated 4 days ago