Permissions

Akaunting provides a powerful ACL system thanks to the wonderful Laratrust package for Laravel. It ships with very useful functions on both PHP and Blade templates.

Akaunting adds even more power to Laratrust with an easy-to-use interface to manage all Users, Roles, and Permissions.

Furthermore, all these permissions and roles are also applicable to RESTful API access so you can create an API user account that can just read but not write data to your Akaunting.

Assigning permissions to controller

Instead of setting the permission middleware manually to controller functions, Akaunting tries to convert your controller to Laratrust format automatically.

In any case, make sure you first create and attach the permissions of controllers into the FinishInstallation listener by just using the following snippet:

// c=create, r=read, u=update, d=delete
$this->attachPermissionsToAdminRoles([
    $this->alias . '-posts' => 'c,r,u,d',
    $this->alias . '-comments' => 'r',
]);

Here you can see the example of the My Blog module.

Checking for permissions

It’s so simple to check for permissions:

user()->can('update-my-blog-posts');
user()->canAny(['create-my-blog-posts', 'update-my-blog-posts']);

@can('update-my-blog-posts')
    <p>This is visible to users with the given permissions.</p>
@endcan

You should always check for permission instead of role because users can create custom roles. Feel free to read Laratrust documentation about advanced permission checks.