FusionCMS is currently in an open beta state and under heavy active development.

Permissions

Introduction

FusionCMS will use an intercepting gate check to verify authenticated users have the necessary permissions to visit certain pages. Permissions are stored in the database and registered whenever the fusion:sync command is invoked.

The following snippet is from FusionCMS' API permissions/fusion.php file:

<?php

return [
    'backups'       => ['viewAny', 'view', 'create', 'update', 'delete', 'restore'],
    'directories'   => ['viewAny', 'view', 'create', 'update', 'delete'],

    // ...
];

The hash keys are combined with their values to create the final permission rule (e.g. backups.viewAny).

Registration

Permissions are registered through the fusion:sync command, which is invoked per request or after installing or updating FusionCMS.

Addons

Permissions included in Addons will also be included after fusion:sync is invoked.

See full article for more information.

Usage

Controllers

<?php

namespace Fusion\Http\Controllers\API;

use Fusion\Http\Controllers\Controller;
use Fusion\Models\Navigation;
use Illuminate\Http\Request;

class NavigationController extends Controller
{
    // ...

    /**
     * Destroy resource from storage.
     *
     * @param \Illuminate\Http\Request  $request
     * @param \Fusion\Models\Navigation $navigation
     * @param int                       $id
     *
     * @return void
     */
    public function destroy(Request $request, Navigation $navigation, $id)
    {
        $this->authorize('acme.delete');

        // ...
    }
}

Form Requests

<?php

namespace Fusion\Http\Requests;

use Fusion\Services\Builders;

class AcmeRequest extends Request
{
    /**
     * Determine if the user is authorized to make a POST request.
     *
     * @return bool
     */
    public function authorizePost()
    {
        return $this->user()->can('acme.create');
    }

    /**
     * Determine if the user is authorized to make a PATCH request.
     *
     * @return bool
     */
    public function authorizePatch()
    {
        return $this->user()->can('acme.update');
    }
}
Have questions?

We're always happy to help with code or other questions you might have. Contact support or chat live with us on Discord.

Last edited on Tuesday, March 30, 2021 (1 year ago)