Introduction
FusionCMS uses an intercepting gate check to verify that authenticated users have the necessary permissions to visit certain pages. Permissions are stored in the database and registered whenever the fusion:sync command is invoked.
The following snippet is from FusionCMS' API permissions/fusion.php file:
<?php

return [
    'backups'     => ['viewAny', 'view', 'create', 'update', 'delete', 'restore'],
    'directories' => ['viewAny', 'view', 'create', 'update', 'delete'],
    // ...
];
The hash keys are combined with their values to create the final permission rule (e.g. backups.viewAny).
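The key-plus-value combination described above can be sketched as follows, together with a deny-by-default check against the resulting rule set. This is an added example, not FusionCMS code: the functions flattenPermissions() and isAllowed(), the validation pattern for action names, and the sample grants are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of FusionCMS.

/**
 * Flatten a permissions map (resource => actions) into "resource.action" rules.
 * Malformed entries are rejected so a typo cannot register a stray rule.
 */
function flattenPermissions(array $map): array
{
    $rules = [];
    foreach ($map as $resource => $actions) {
        if (!is_string($resource) || !is_array($actions)) {
            throw new InvalidArgumentException('Malformed entry: ' . var_export($resource, true));
        }
        foreach ($actions as $action) {
            // Assumed naming rule for this sketch: letters only.
            if (!is_string($action) || !preg_match('/^[A-Za-z]+$/', $action)) {
                throw new InvalidArgumentException("Malformed action under {$resource}");
            }
            $rules["{$resource}.{$action}"] = true; // keyed set, so duplicates collapse
        }
    }
    return array_keys($rules);
}

/**
 * Deny-by-default check: a rule passes only if it is both registered
 * and granted. A grant for a rule that was never registered is ignored.
 */
function isAllowed(string $rule, array $registered, array $granted): bool
{
    return in_array($rule, $registered, true) && in_array($rule, $granted, true);
}

// Constructed sample data mirroring the snippet above.
$map = [
    'backups'     => ['viewAny', 'view', 'create', 'update', 'delete', 'restore'],
    'directories' => ['viewAny', 'view', 'create', 'update', 'delete'],
];
$registered = flattenPermissions($map);

// Constructed grants; 'directories.restore' is deliberately not a registered rule.
$granted = ['backups.viewAny', 'backups.view', 'directories.restore'];

var_dump(count($registered));
var_dump(isAllowed('backups.viewAny', $registered, $granted));
var_dump(isAllowed('backups.delete', $registered, $granted));
var_dump(isAllowed('directories.restore', $registered, $granted));
```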
Registration
Permissions are registered through the fusion:sync command, which is invoked per request or after installing or updating FusionCMS.
Addons
Permissions included in Addons will also be included after fusion:sync is invoked.
See full article for more information.
Usage
Controllers
<?php

namespace Fusion\Http\Controllers\API;

use Fusion\Http\Controllers\Controller;
use Fusion\Models\Navigation;
use Illuminate\Http\Request;

class NavigationController extends Controller
{
    // ...

    /**
     * Destroy resource from storage.
     *
     * @param \Illuminate\Http\Request  $request
     * @param \Fusion\Models\Navigation $navigation
     * @param int                       $id
     *
     * @return void
     */
    public function destroy(Request $request, Navigation $navigation, $id)
    {
        $this->authorize('acme.delete');

        // ...
    }
}
Form Requests
<?php

namespace Fusion\Http\Requests;

use Fusion\Services\Builders;

class AcmeRequest extends Request
{
    /**
     * Determine if the user is authorized to make a POST request.
     *
     * @return bool
     */
    public function authorizePost()
    {
        return $this->user()->can('acme.create');
    }

    /**
     * Determine if the user is authorized to make a PATCH request.
     *
     * @return bool
     */
    public function authorizePatch()
    {
        return $this->user()->can('acme.update');
    }
}