This software comes with an advanced user permission handling mechanism that lets you manage user permissions easily. A single user permission consists of a permission name, permission type, permission key and permission description. The most important part is the permission key.
User permissions cannot be assigned directly to users. Instead, permissions are assigned to user roles first, and those user roles are then assigned to users.
Any user can have multiple user roles and any user role can have any number of user permissions.
The user permissions list displays all user permissions in the app and supports the following features.
In this software, there are two types of user permissions: critical and standard. Critical user permissions are easily identified by the surge icon in front of their name.
Although there are two types of user permissions, they are quite similar in function by default. What truly differentiates them are the user roles they are assigned to. Additionally, having these two distinct types allows you to distinguish and manage them more easily.
The reason for the two types of user permissions is that critical user permissions can only be assigned to critical user roles, and standard user permissions can only be assigned to standard user roles. This setup provides flexibility to create critical user roles like Super admin and Admin and assign critical user permissions only to them, while creating non-critical/standard user roles like Moderators and assigning standard user permissions to them. However, there are no strict rules; you can even assign critical user permissions to standard user roles. It’s entirely up to you, but be careful when managing both user roles and permissions, as mistakes can lead to serious security and accessibility issues.
Based on the type of user permission, you can determine whether the permission is required to run the bare-bones version of the software. If the permission type is marked as origin, it is necessary for running the bare-bones version. If the type is local, then the permission is optional for running the bare-bones version of the software.
For instance, if you build new software using this platform, any user permissions you add to the system (other than those that come with this software) can also be marked as origin. However, if you're creating optional modules for the software, the permissions related to those modules can be marked as local.
If a permission is marked as inactive, all actions based on that permission will be unavailable to system users who have been assigned that permission through a user role. An active permission, on the other hand, allows those actions to be performed.
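The model described above (users get roles, roles get permissions, inactive permissions grant nothing, and critical permissions belong on critical roles) can be checked with a short stand-alone script. This is an added example, not code from this software or its User library; every permission key, role name, array layout and function name in it is an assumption made for illustration.

```php
<?php
// Added illustration: a stand-alone model, NOT the software's User library.
// All keys, role names and function names below are constructed for this example.

$permissions = [
    'users.delete'  => ['type' => 'critical', 'active' => true],
    'settings.edit' => ['type' => 'critical', 'active' => false],
    'posts.edit'    => ['type' => 'standard', 'active' => true],
];
$roles = [
    'Admin'     => ['type' => 'critical', 'permissions' => ['users.delete', 'settings.edit']],
    'Moderator' => ['type' => 'standard', 'permissions' => ['posts.edit', 'users.delete']],
];

// Union of the permission keys granted through a user's roles, skipping
// inactive permissions and any unknown role or key (deny by default).
function effectivePermissionKeys(array $userRoles, array $roles, array $permissions): array
{
    $keys = [];
    foreach ($userRoles as $roleName) {
        foreach ($roles[$roleName]['permissions'] ?? [] as $key) {
            if (($permissions[$key]['active'] ?? false) === true) {
                $keys[$key] = true;
            }
        }
    }
    return array_keys($keys);
}

// Role/permission pairs whose types differ, e.g. a critical permission on a standard role.
function typeMismatches(array $roles, array $permissions): array
{
    $found = [];
    foreach ($roles as $roleName => $role) {
        foreach ($role['permissions'] as $key) {
            $permType = $permissions[$key]['type'] ?? 'unknown';
            if ($permType !== $role['type']) {
                $found[] = "$roleName ({$role['type']}) <- $key ($permType)";
            }
        }
    }
    return $found;
}

print_r(effectivePermissionKeys(['Moderator'], $roles, $permissions));
print_r(effectivePermissionKeys(['Admin', 'Moderator'], $roles, $permissions));
print_r(typeMismatches($roles, $permissions));
```

Running an audit like typeMismatches() after every seeder or .sql change to roles and permissions surfaces a critical permission that has ended up on a standard role before it reaches production.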
We believe that user permissions are not like typical CRUD items. They are a special kind of entry that plays a critical role in the software. Typically, they are not added or edited frequently, so the best way to maintain these records is through seeder files or database files such as .sql files.
This software comes with a custom library called User under the Auth module. It has a few methods for working with user permissions.
This library is located at [app_root]/Nudasoft/Auth/Libraries/User.php. It is an autoloaded library, so you don’t need to load it manually each time you use it; it’s available globally throughout the application. In this chapter, we will discuss only a few methods related to user permissions. Other methods, such as those for user authentication, will be covered in the Authentication chapter.
getUserData(): object
This method returns different kinds of user data for the currently signed-in user, for example their user state and all of their permissions. This information is very useful for checking whether that user has the permissions needed to perform different kinds of actions in the software.
hasPermission(string $permission): bool
Check if the user has a specific permission:
// Example usage
if ($this->auth_userLibrary->hasPermission($permission)) {
    // User has the permission.
} else {
    // User does not have the permission.
}
hasAnyPermission(array $permissions): bool
Check if the user has any of an array of permissions:
// Example usage
if ($this->auth_userLibrary->hasAnyPermission($permissions)) {
    // User has at least one of the permissions.
} else {
    // User has none of the permissions.
}
hasAllPermissions(array $permissions): bool
Check if the user has all of an array of permissions:
// Example usage
if ($this->auth_userLibrary->hasAllPermissions($permissions)) {
    // User has every one of the permissions.
} else {
    // User is missing at least one of the permissions.
}
There are many other methods available in the User library. Please take a look to gain a thorough understanding of how they work.