Role Based Access Control in TPV Management

In the management portal, access control is defined at the Role level, with Departments having one or more Roles under them. To enable the Admin user to have all permissions, add/set the following in your .env file:

TPV_ADMIN=6FFBAFDA-F08D-4172-B9C8-B26F3CA84169

Where the UUID is the id of the site administrator account.

Permissions consist of 3 parts: the short_name, friendly_name and description. The short_name is what you reference in code/middleware and must be unique. The short_name should also follow the form {section}.{action}.{optional_specifier}, e.g. users.edit

The friendly_name is what should be displayed to users and the description should explain more about what the user is able to do with this permission.

Adding Permissions

You can view and add permissions by going to Configuration / Permissions.

Assigning Permissions to Roles

Go to Configuration / Departments and Roles. Choose the Department and click Edit Roles then click on the Role you wish to edit or create a new one.

Restricting User Permissions

Go to TPV Staff and click the pencil icon to edit the user. Click the Permissions button in the header. Uncheck any permissions this user should not have.

Helper Functions

  • has_perm(permission_short_name, (optional) user) Tests whether the user has the specified permission.

  • req_perm(permission_short_name, (optional) user) Requires that the user has the specified permission, or aborts with a 403 Permission Denied.

  • all_perm_in(permission_name_array, (optional) user) Returns true only if the specified user has all of the permissions in the passed array.

  • any_perm_in(permission_name_array, (optional) user) Returns true if the specified user has any of the permissions in the passed array.
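The following controller, added here as an example and not code from the TPV Management portal, shows the four helpers used for different gating needs: a hard gate that aborts, a soft gate that only informs the view, an all-of check and an any-of check with the user passed explicitly. It assumes the helpers are global functions and that omitting the user argument means the currently authenticated user; the UserController class, the App\Models\User model, the view names and the permission short names other than users.edit are made up for illustration.

```php
<?php
// Added example, not code from the TPV Management portal.
// Assumptions (not stated on the page): the helpers are global functions
// available in controllers and act on the currently authenticated user when
// the optional user argument is omitted. UserController, App\Models\User,
// the view names and the permission names other than users.edit are made up.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;

class UserController extends Controller
{
    // Hard gate: req_perm aborts with 403 Permission Denied if the current
    // user lacks users.view, so nothing below it runs for unauthorised users.
    public function index()
    {
        req_perm('users.view');

        // Soft gate: has_perm only answers true/false, so the view can hide
        // the Edit controls while still rendering the list. Pair this with
        // @can('users.edit') in the template; the server-side check on the
        // update/destroy routes is the one that actually protects the data.
        return view('users.index', [
            'users'   => User::orderBy('name')->get(),
            'canEdit' => has_perm('users.edit'),
        ]);
    }

    // Deleting requires both permissions: all_perm_in is false if any one
    // of them is missing, so a user with only users.edit is refused.
    public function destroy(int $id)
    {
        if (! all_perm_in(['users.edit', 'users.delete'])) {
            abort(403, 'Permission Denied');
        }

        User::findOrFail($id)->delete();

        return redirect()->route('users.index');
    }

    // An export may be granted through either a users-section or a
    // reports-section permission; any_perm_in is true if at least one is
    // held. The user is passed explicitly to show the optional argument.
    public function export(Request $request)
    {
        if (! any_perm_in(['users.export', 'reports.export'], $request->user())) {
            abort(403, 'Permission Denied');
        }

        return response()->streamDownload(function () {
            $out = fopen('php://output', 'w');
            foreach (User::cursor() as $user) {
                fputcsv($out, [$user->id, $user->name, $user->email]);
            }
            fclose($out);
        }, 'users.csv');
    }
}
```

The pattern to keep in mind is that has_perm and the Blade @can directive only hide controls; every state-changing action (update, destroy, export) still needs req_perm, a helper check that aborts, or one of the route middlewares, because a user can submit the request without the button.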

Middleware

The following middlewares are provided for route-level permission checking.

  • can:permission_short_name Maps to has_perm above.

  • can_if_all:perm1|perm2|perm3 Maps to all_perm_in above.

  • can_if_any:perm1|perm2|perm3 Maps to any_perm_in above.
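The route file below, added here as an example and not code from the TPV Management portal, applies the three middlewares to individual routes and to a route group. It assumes the aliases can, can_if_all and can_if_any are registered as the page describes; the route paths, UserController, ReportController and the permission names other than users.edit are made up for illustration.

```php
<?php
// routes/web.php
// Added example, not code from the TPV Management portal. Assumes the
// middleware aliases can, can_if_all and can_if_any are registered as the
// page describes; paths, controllers and permission names other than
// users.edit are made up for illustration.

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\UserController;
use App\Http\Controllers\ReportController;

// Single permission: equivalent to has_perm('users.edit') before the
// controller runs; a failing check never reaches the controller.
Route::put('/users/{id}', [UserController::class, 'update'])
    ->middleware('can:users.edit');

// Every listed permission is required (all_perm_in). Laravel splits
// middleware parameters on commas, which is why the page joins the
// permission names with '|' so they arrive as one argument.
Route::delete('/users/{id}', [UserController::class, 'destroy'])
    ->middleware('can_if_all:users.edit|users.delete');

// Any one of the listed permissions is enough (any_perm_in).
Route::get('/users/export', [UserController::class, 'export'])
    ->middleware('can_if_any:users.export|reports.export');

// Middleware can be stacked: the request must pass every entry in order,
// so this route needs users.view and at least one of the two export perms.
Route::get('/users/export/summary', [UserController::class, 'exportSummary'])
    ->middleware(['can:users.view', 'can_if_any:users.export|reports.export']);

// A group applies one check to every route inside it, which keeps the
// permission requirement in one place when a whole section is gated.
Route::middleware('can:reports.view')->prefix('reports')->group(function () {
    Route::get('/', [ReportController::class, 'index']);
    Route::get('/{id}', [ReportController::class, 'show']);
});
```

Prefer the middleware over a helper call inside the controller for routes whose whole purpose is restricted; the check then sits next to the route definition where it is easy to audit, and a new controller method cannot be added to the group without inheriting the requirement.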

Blade Directives

You can use the @can(permission_name) directive in templates to restrict access to certain functions to those with the permission. This works like an @if statement.

@can('users.edit')
    <button>Edit</button>
@else
    Cannot Edit
@endcan