{"id":277,"date":"2023-01-21T20:13:52","date_gmt":"2023-01-21T17:13:52","guid":{"rendered":"https:\/\/akaunting.com\/hc\/?post_type=docs&p=277"},"modified":"2023-02-01T19:44:05","modified_gmt":"2023-02-01T16:44:05","slug":"permissions","status":"publish","type":"docs","link":"https:\/\/akaunting.com\/hc\/docs\/developers\/permissions\/","title":{"rendered":"Permissions"},"content":{"rendered":"\n

Akaunting provides a powerful ACL system thanks to the wonderful Laratrust<\/a> package for Laravel. It ships with very useful functions on both PHP and Blade templates.<\/p>\n\n\n\n

Akaunting adds even more power to Laratrust with an easy-to-use interface to manage all Users, Roles, and Permissions.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Furthermore, all these permissions and roles are also applicable to RESTful API access so you can create an API user account that can just read but not write data to your Akaunting.<\/p>\n\n\n\n

Assigning permissions to controller<\/h3>\n\n\n\n

Instead of setting the permission middleware manually<\/a> to controller functions, Akaunting tries to convert<\/a> your controller to Laratrust format automatically.<\/p>\n\n\n\n

In any case, make sure you first create and attach the permissions of controllers into the FinishInstallation<\/code> listener by just using the following snippet:<\/p>\n\n\n\n

\/\/ c=create, r=read, u=update, d=delete\n$this->attachPermissionsToAdminRoles([\n    $this->alias . '-posts' => 'c,r,u,d',\n    $this->alias . '-comments' => 'r',\n]);<\/code><\/pre>\n\n\n\n
Here<\/a> you can see the example of the My Blog<\/code> module.<\/p>\n\n\n\n
Checking for permissions<\/h3>\n\n\n\n
It\u2019s so simple to check for permissions:<\/p>\n\n\n\n
user()->can('update-my-blog-posts');\nuser()->canAny(['create-my-blog-posts', 'update-my-blog-posts']);<\/code><\/pre>\n\n\n\n
@can('update-my-blog-posts')\n    <p>This is visible to users with the given permissions.<\/p>\n@endcan<\/code><\/pre>\n\n\n\n
You should always check for permission instead of role because users can create custom roles. Feel free to read Laratrust documentation about advanced permission checks<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Akaunting provides a powerful ACL system thanks to the wonderful Laratrust package for Laravel. It ships with very useful functions on both PHP and Blade templates. Akaunting adds even more power to Laratrust with an easy-to-use interface to manage all Users, Roles, and Permissions. Furthermore, all these permissions and roles are also applicable to RESTful API access […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":31,"menu_order":6,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-277","docs","type-docs","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/docs\/277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/comments?post=277"}],"version-history":[{"count":2,"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/docs\/277\/revisions"}],"predecessor-version":[{"id":343,"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/docs\/277\/revisions\/343"}],"up":[{"embeddable":true,"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/docs\/31"}],"wp:attachment":[{"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/media?parent=277"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/akaunting.com\/hc\/wp-json\/wp\/v2\/doc_tag?post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}