Let professionals install TastyIgniter for you! Learn more

  Documentation
  Help Center
  Premium Support
  Support Services
  Contact
Select A Version
v4.x Latest (v3.x)

Permissions

The Permissions' system controls access and restriction to all parts of a TastyIgniter application. There are Super Admins at the lowest level (users with the super_user flag set to true), and Administrators (staff), and permissions. The \Admin\Models\Staffs_model and \Admin\Models\Users_model models are the containers that hold all the important information about an administrator.

Super admins have access to everything in the system and can only be managed by themselves or by other super admins; they are not accessible to or editable by regular administrators, even if an administrator has the Admin.Staff permission.

Permissions are string keys in the form of Author.Extension.Permission name which are given to an administrator by inheritance through the staff's Role.

When determining whether a staff has a specific permission, the permission settings for that staff's role will be applied. For example, if administrator Sam belongs to Chef role, and role Chef has manage_order permission, then Sam will get to manage_order.

Staff Roles are groups of permissions with a name used to identify the role of an administrator. Only one role can be assigned to a staff at once. Multiple staff may be assigned a role. TastyIgniter ships with four system roles by default; owner, manager, waiter and delivery. Any number of custom roles can be created and applied to administrators with their own combinations of permissions.

Staff Groups have nothing to do with permissions and are strictly an administrative tool for grouping administrators. For instances, groups can be used to assign an order to all administrators in the Kitchen.

Administrator permissions can be registered by extensions by overriding the registerPermissions method within the Extension registration class. The permissions are defined as an array with keys that match the permission keys and the values holding the permission group & descriptions. The permission keys consist of the name of the author, the name of the extension and the name of the function. Here is an example:

Igniter.Cart.Manage

Admin controllers can use permissions defined by extensions to restrict administrator access to pages or features. Permissions are defined with a permission key and description. The next example shows how to register administrator permission items.

public function registerPermissions()
{
    return [
        'Igniter.Pages.Manage' => [
            'description' => 'The permission description',
            'group' => 'module',
        ],
    ];
}

Within an admin controller class, you may specify which permissions are required to access the controller pages, using the $requiredPermissions controller's property. This property should contain an array of permission keys. The system would allow the administrator to access the controller pages if the administrator permissions match ANY permission from the list.

<?php namespace Igniter\Pages\Controllers;

use Admin\Classes\AdminController;

class StaticPages extends AdminController
{
    public $requiredPermissions = ['Igniter.Pages.Manage'];
}

The asterisk symbol can also be used to signify the "all permissions" condition. The controller pages are available in the next example for all administrators who have any permissions beginning with the "Igniter.Pages." string:

public $requiredPermissions = ['Igniter.Pages.*'];

The admin \Admin\Models\Users_model user model has method hasPermission for determining whether the administrator has specific permissions. To restrict the functionality of the admin user interface, you can use this feature. This method takes two parameters: the permission key string (or an array of key strings) and the optional parameter specifying that all permissions specified with the first parameters are required.

The hasPermission method returns true for any permission if the administrator is a superadmin (super_user set to true) or if the administrator does have the specified permissions through their group. The example below illustrates how to use the methods in the controller code:

if ($this->user->hasPermission('Igniter.Pages.*')) {
    // ...
}

if ($this->user->hasPermission([
    'Igniter.Pages.ManagePages',
    'Igniter.Pages.ManageMenus'
])) {
    // ...
}
Did this answer your question?
See a mistake? Edit this page
Help Center

Read our extensive documentation and tutorials.

Community Forums

Get support from other members of the TastyIgniter community.

Developer chat on Discord

Chat live with other developers on the official TastyIgniter Discord.

Twitter

Follow the TastyIgniter Twitter account for news and updates.

Continue