Vanilo incorporates ACL functionality from the konekt/acl library, which is actually a "concordified" fork of the spatie/laravel-permission package.

This package allows you to manage user permissions and roles in a database.

Once installed you can do stuff like this:

// Adding permissions to a user
$user->givePermissionTo('create products');

// Adding permissions via a role
$user->assignRole('product manager');

$role->givePermissionTo('create products');

Because all permissions will be registered on Laravel's gate, you can test if a user has a permission with Laravel's default can() function:

$user->can('edit products');

Using With Blade

Laravel's native @can directive works to check if a user has a certain permission:

@can('create products')
    {{-- markup shown only to users holding the permission --}}
@endcan

You can also check for roles:

@role('writer')
    I am a writer!
@else
    I am not a writer...
@endrole

Test for any role in a list:

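@hasanyrole($collectionOfRoles)
    I have one or more of these roles!
@else
    I have none of these roles...
@endhasanyrole
<!-- or -->
@hasanyrole('writer|admin')
    I am either a writer or an admin or both!
@else
    I have none of these roles...
@endhasanyrole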

Test for all roles:

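@hasallroles($collectionOfRoles)
    I have all of these roles!
@else
    I do not have all of these roles...
@endhasallroles
<!-- or -->
@hasallroles('writer|admin')
    I am both a writer and an admin!
@else
    I do not have all of these roles...
@endhasallroles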

For a detailed description of Acl features, refer to the acl readme.

Resource Permissions

Vanilo Framework complements the Laravel Resource convention by defining resource permissions for all of its models:

  • 'list resources',
  • 'create resources',
  • 'view resources',
  • 'edit resources',
  • 'delete resources'

Acl Middleware

All the Admin Panel routes are protected with the acl middleware that checks the resource permissions based on the current action. To make it clear what it does, here's an example:

When a route hits the ProductController@index action, the Acl module checks for the list products permission.

Resource actions vs. permissions mapping example:

Action                       Necessary Permission
ProductController@index      list products
ProductController@create     create products
ProductController@store      create products
ProductController@show       view products
ProductController@edit       edit products
ProductController@update     edit products
ProductController@destroy    delete products

Resource names are always plural in permissions.
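
The action-to-permission mapping above, written out as a stand-alone sketch. This is an added example, not code from Vanilo or konekt/acl. The helper names `requiredPermission` and `isAllowed`, the simplified pluralisation, and the deny-by-default handling of actions outside the seven resource actions are assumptions made for illustration.

```php
<?php
// Added illustration; not Vanilo's or konekt/acl's own code.
// Verb table copied from the action/permission mapping on this page.
const ACTION_VERBS = [
    'index'   => 'list',
    'create'  => 'create',
    'store'   => 'create',
    'show'    => 'view',
    'edit'    => 'edit',
    'update'  => 'edit',
    'destroy' => 'delete',
];

// Hypothetical helper: permission required by a "Controller@method" action,
// or null when the action is not one of the seven resource actions.
function requiredPermission(string $action): ?string
{
    if (!preg_match('/^(?:.*\\\\)?([A-Za-z]+)Controller@(\w+)$/', $action, $m)) {
        return null;
    }
    [, $resource, $method] = $m;
    if (!array_key_exists($method, ACTION_VERBS)) {
        return null;
    }
    // "TaxCategory" -> "tax category"
    $words = strtolower(preg_replace('/(?<!^)[A-Z]/', ' $0', $resource));
    // Simplified pluralisation (assumption): consonant + y -> ies, else append s.
    $plural = preg_match('/[^aeiou]y$/', $words)
        ? substr($words, 0, -1) . 'ies'
        : $words . 's';
    return ACTION_VERBS[$method] . ' ' . $plural;
}

// Deny by default (assumption): unmapped actions and missing permissions fail.
function isAllowed(string $action, array $granted): bool
{
    $needed = requiredPermission($action);
    return $needed !== null && in_array($needed, $granted, true);
}

$granted = ['list products', 'view products']; // constructed sample grants
$actions = ['ProductController@index', 'ProductController@update',
            'ProductController@export', 'TaxCategoryController@destroy'];
foreach ($actions as $a) {
    printf("%-30s %-22s %s\n", $a, requiredPermission($a) ?? '(unmapped)',
        isAllowed($a, $granted) ? 'allow' : 'deny');
}
```

When adding a custom controller method to an admin route, check how the acl middleware treats actions that fall outside this mapping, since the page does not describe that case.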