Auth and Authorization

Authentication

We’re using the default authentication functionalities provided by the Laravel framework.

The login page is a Livewire component located at app/Http/Livewire/LoginPage.php, and it is straightforward.

Authorization

For authorization we’re using simple roles together with custom-defined authorization gates. See the Laravel documentation on authorization gates.

Roles

The roles are defined in the roles database table. This table is seeded from the config/users.php file. Example roles list:

    'roles' => [
        'Admin',
        'User management',
        'Newspaper view',
        'Newspaper edit',
        'Article View',
        'Article Edit',
        'Ads',
        'Ads Summary',
        'Dashboard',
        'Quota planning',
        'Pages',
        'Widgets',
        'Work Planner',
        'Developer Tools',
        'Page Builders',
        'Article Delete',
        'Team Planner',
        'Agent',
        'SEO'
    ],

Every time you want to add a new role to the application, add it to the roles array in the config. After that, re-cache the config:

php artisan config:cache

Then run the database seeder to insert the new role in database:

php artisan db:seed --class="RolesTableSeeder"

The roles database seeder class is located at database/seeders/RolesTableSeeder.php. It iterates through the config roles array and inserts every role that does not yet exist in the roles database table.

After that you need to add the role to the Admin UI by updating the user’s form view located at resources/views/livewire/users/form.blade.php. Example HTML code:

<div class="form-check">
    <input id="newspaper-edit" class="form-check-input" type="checkbox" value="4" wire:model="roles">
    <label for="newspaper-edit" class="form-check-label">{{ __('Edit') }}</label>
</div>

The important thing here is that you need to add a checkbox bound to the roles wire model. This roles model is an array containing all of the current user’s roles. Set the checkbox value to the role’s id in the database. When the checkbox is checked, the role id is added to the roles array, and after Save is clicked the role is added to the user. The pivot table is user_roles.

Gates

All of the gates are currently defined in: app/Providers/AuthServiceProvider.php

Each gate is based on a specific user role or a combination of 2, 3 or more roles. Example gates:

    Gate::define('article-edit', function($user) {
        return $user->hasRoles([1, 6]);
    });
    Gate::define('developer-tools', function($user) {
        return $user->hasRoles([14]);
    });
    Gate::define('page-builders', function($user) {
        return $user->hasRoles([15]);
    });

For example, the gate article-edit checks the roles with ids 1 and 6. Currently those ids correspond to 1=Admin and 6=Article Edit. So this gate returns true if the user has one of those roles.
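
The gates and the form checkbox refer to roles by numeric id, so it matters how the seeder assigns those ids. The following added example (plain PHP, not the project's code) models the seeder with arrays and shows that inserting a role in the middle of the config array keeps ids stable on an already seeded database but shifts them on a freshly seeded one. It assumes an auto-increment id column; 'Article Publish', seedRoles and findGateDrift are hypothetical names.

```php
<?php
// Added example (not project code): models the seeder described above with
// plain arrays. Assumption: the roles table uses an auto-increment id, so a
// newly inserted row gets the next free id.

// Insert every config role missing from the table; return the table (id => name).
function seedRoles(array $configRoles, array $table = []): array
{
    $nextId = $table ? max(array_keys($table)) + 1 : 1;
    foreach ($configRoles as $name) {
        if (!in_array($name, $table, true)) {
            $table[$nextId++] = $name;
        }
    }
    return $table;
}

// $gateExpectations maps a gate to the role name each of its ids should mean.
// Returns one message per id that resolves to a different role in $table.
function findGateDrift(array $gateExpectations, array $table): array
{
    $drift = [];
    foreach ($gateExpectations as $gate => $expected) {
        foreach ($expected as $id => $name) {
            $actual = $table[$id] ?? '(missing)';
            if ($actual !== $name) {
                $drift[] = "$gate: id $id is '$actual', expected '$name'";
            }
        }
    }
    return $drift;
}

// First six roles from the config above; 'Article Publish' is a constructed new role
// inserted in the middle of the array instead of at the end.
$original = ['Admin', 'User management', 'Newspaper view', 'Newspaper edit', 'Article View', 'Article Edit'];
$edited   = ['Admin', 'User management', 'Article Publish', 'Newspaper view', 'Newspaper edit', 'Article View', 'Article Edit'];

// The article-edit gate from AuthServiceProvider.php, with the meaning of each id.
$gates = ['article-edit' => [1 => 'Admin', 6 => 'Article Edit']];

$existingDb = seedRoles($edited, seedRoles($original)); // seeded before, then re-seeded
$freshDb    = seedRoles($edited);                       // seeded once from the edited config

echo "existing database:\n";
print_r(findGateDrift($gates, $existingDb));
echo "fresh database:\n";
print_r(findGateDrift($gates, $freshDb));
```

In this model, appending new roles at the end of the array gives the same ids on both databases.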

Example use from view:

@can('article-edit')
    {{-- The user can article-edit, show edit button --}}
@endcan

Example use from controller or livewire component:

    // Requires: use Illuminate\Support\Facades\Gate;
    if (Gate::allows('article-edit')) {
        // the user can article-edit, proceed with article editing code
    }