Permissions
Intro
Permissions are system defined and restrict access to certain areas or functionality in the application. You can assign permissions to users via the User Permissions management area, or via Roles.
Adding new permissions
To add a new permission to the App, edit the `app/Enums/UserPermissions.php` enum file, adding a value, label and description for the new permission.
<?php
// UserPermissions.php

// ...

    case NEW_PERMISSION = 'new-permission';

    // ...

    public function label(): string
    {
        return match($this) {
            // ...
            UserPermissions::NEW_PERMISSION => 'New Permission',
            // ...
        };
    }

    public function description(): string
    {
        return match($this) {
            // ...
            UserPermissions::NEW_PERMISSION => 'A new permission that allows the user to do cool things',
            // ...
        };
    }
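If a case is added but one of the `match` arms is forgotten, PHP only throws `\UnhandledMatchError` when that method is called for the new case. The check below is an added example, not part of the application's code: `SamplePermissions` and `findIncompletePermissions()` are hypothetical names, and the enum is a constructed stand-in in which `description()` was left incomplete.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for app/Enums/UserPermissions.php: NEW_PERMISSION was
// added as a case and to label(), but description() was forgotten.
enum SamplePermissions: string
{
    case VIEW_INSIGHTS = 'view-insights';
    case NEW_PERMISSION = 'new-permission';

    public function label(): string
    {
        return match ($this) {
            self::VIEW_INSIGHTS => 'View Insights',
            self::NEW_PERMISSION => 'New Permission',
        };
    }

    public function description(): string
    {
        return match ($this) {
            self::VIEW_INSIGHTS => 'Allows the user to view insights',
        };
    }
}

/**
 * Calls each metadata method on every case of a backed enum and returns a
 * list of problems: a match() without an arm for the case throws
 * \UnhandledMatchError, and a blank string is reported as well.
 */
function findIncompletePermissions(string $enumClass, array $methods): array
{
    $problems = [];
    foreach ($enumClass::cases() as $case) {
        foreach ($methods as $method) {
            try {
                if (trim($case->$method()) === '') {
                    $problems[] = "{$case->name}::{$method}() is empty";
                }
            } catch (\UnhandledMatchError $e) {
                $problems[] = "{$case->name}::{$method}() has no match arm";
            }
        }
    }
    return $problems;
}

print_r(findIncompletePermissions(SamplePermissions::class, ['label', 'description']));
```

Pointing the same function at the real enum class in a unit test, with `group` added to the method list, catches an incomplete permission before it is seeded.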
Seeding permissions
Permissions are then seeded in Database/Seeder/PermissionsSeeder.php, which is also included in ProductionSeeder.php. This seeder:
1. Runs through all app permissions
2. Adds new permissions to the App
Using permissions in the App
User has permission check
You can use the hasPermission() trait on the User model to validate permissions:
<?php
// MenuController.php

// ...

if ($user->hasPermission(UserPermissions::VIEW_INSIGHTS->value)) {
    $menu["Manage"][] = self::insightsMenu();
}
User has permission middleware
You can use the hasPermission middleware to set permissions on web routes:
<?php
// web.php

// ...

Route::group(['middleware' => ['auth', 'hasPermission:' . UserPermissions::VIEW_ADMIN_DASHBOARD->value], 'prefix' => 'admin', 'as' => 'admin.'], function () {
    Route::get('/', [AdminDashboardController::class, 'view'])->name('dashboard.view');
    // This route requires MANAGE_USER_PERMISSIONS in addition to the group's VIEW_ADMIN_DASHBOARD check
    Route::post('{user}/permissions/{permission}', [UserPermissionsController::class, 'store'])->name('permissions.update')->middleware('hasPermission:' . UserPermissions::MANAGE_USER_PERMISSIONS->value);
});
User has permission in Filament actions
You can use permission checks to control visibility of Filament actions and buttons:
<?php
// UsersRelationManager.php

// ...

Tables\Actions\AttachAction::make()
    ->label('Attach user')
    ->visible(fn () => auth()->user()?->hasPermission(UserPermissions::ATTACH_ORGANISATION_USERS->value))
    ->action(function (array $data) {
        // Attach logic
    }),
Permission Groups
Permissions are organized into logical groups in the group() method of the UserPermissions enum:
- Dashboards - Access to various dashboard views
- Users & Roles - User and role management, including the ATTACH_ORGANISATION_USERS permission
- Admin Console - Administrative features and settings
- Sessions - Session management capabilities
- Scheduler - Scheduling and calendar permissions
- And more...
Example: ATTACH_ORGANISATION_USERS Permission
The ATTACH_ORGANISATION_USERS permission controls access to the "Attach user" functionality in the organisation settings panel. This allows authorized users to link existing users to organisations.
Use case: In /settings/organisations/{id}/edit, users with this permission can see and use the "Attach user" button to link existing users to the organisation, without needing to create new user accounts.