The previous page shows the structure of AuthUser and all the defined abilities of a user. That structure contains several keys; the details of those keys follow.

Config

This is the 1st level of access. All configuration-level settings are handled here, such as user_id, user_role, etc.

  • col_user_id : DB column name of primary key.
  • col_role : DB column name of role.
  • col_user_permissions : DB column name of __permission.
  • user_model : Path to your User model.
  • role_model : Path to your Role model.

Rules

A Rule is a way to allow or deny a User to perform an Action on a Resource. The key points of a rule are explained in detail below.

  • Allow
    • Allow applies a Rule to a user that allows the user to perform an action on a Resource.
    • The allowed access ids are listed under it. Ex. 'allow' => ['*']. Here * is the access id.
    • Lower priority compared to deny.
  • Deny
    • Deny applies a Rule to a user that denies the user permission to perform an action on a Resource.
    • The denied access ids are listed under it. Ex. 'deny' => ['user.delete']. Here 'user.delete' is the access id, so the user is not allowed to perform that delete action.
    • Higher priority compared to allow.

Roles

Role-based permissions are handled here. This is the 3rd level of access. You can add your route names or zones to the allow and deny arrays. The logged-in user's role is checked, and the action on the resource is then allowed or denied on the basis of these permissions.

Users

The Users array is keyed by user id; here you can define multiple nested arrays, one per user id. This is the 2nd level of access; here too you can add your route names to the allow or deny array as required. When a user is logged in, actions on a resource are allowed or denied on the basis of the permissions written here.

Conditions

Conditions check dynamic conditions. If you have a specific situation that is not handled by the arrays above, you can write your logic here. It is the 5th level of access. The logic is applied to the access_ids and your 'condition'. Here you can add a callback function containing your logic.

  • access_ids - Define the access ids.
  • condition - Write your logic for dynamic conditions here; it is a callback function.

Dynamic Access Zones

You can group multiple route ids and their dependencies into one zone. For example, suppose you have a user component with multiple actions such as list, add, edit and delete, and every action has its own route. You would then have to write those route ids in the arrays above multiple times. To avoid this repetition in the code, you can create zones of multiple ids and add these zones wherever they are required.

  • 'dynamic_access_zones' : An array of multiple zones. Each zone defined in this array is given a zone title and 'access_ids'.

  • 'access_ids' : An array of multiple route ids (names). You can also use an asterisk (*). Example - 'account.test.write.*'. In this example, when you access this zone, it checks whether the logged-in user has permission to access all the access ids defined in the zone.

  • 'dependencies' : An array defining the dependencies of the access ids above. For example, the dependency of the route account.test.write.* is account.test.list. If the user has permission to add an account, the user automatically has permission to view the list.

So this is the way to define a user's abilities (permissions), both static and dynamic. Abilities are defined on the basis of roles and user id, and can also be defined dynamically using the permissions_json column: we need to define that column in the users table in the DB and save the zone id for that user. A zone can define multiple route ids along with their dependencies.
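
An added illustration (not the package's own code) of the rule semantics described above: deny taking priority over allow, the * wildcard, and a zone expanding to its access_ids and dependencies. The array layout, the zone name manage_tests, the function names, applying dependencies only on the allow side, and refusing routes that match neither list are assumptions made for this example.

```php
<?php
// Added illustration; not the package's code. Layout and names are assumptions.
// Constructed sample zone, using the keys described above.
$zones = ['manage_tests' => [
    'access_ids'   => ['account.test.write.*'],
    'dependencies' => ['account.test.list'],
]];
// Constructed sample rules for one role.
$rules = ['allow' => ['manage_tests', 'user.*'], 'deny' => ['user.delete']];

// Replace zone names with their access ids; dependencies are added on request.
function expandZones(array $ids, array $zones, bool $withDependencies): array
{
    $out = [];
    foreach ($ids as $id) {
        if (isset($zones[$id])) {
            $deps = $withDependencies ? ($zones[$id]['dependencies'] ?? []) : [];
            $out = array_merge($out, $zones[$id]['access_ids'], $deps);
        } else {
            $out[] = $id;
        }
    }
    return $out;
}

// True when $routeId matches any pattern; '*' stands for any run of characters.
function matchesAny(string $routeId, array $patterns): bool
{
    foreach ($patterns as $pattern) {
        $regex = '/^' . str_replace('\*', '.*', preg_quote($pattern, '/')) . '$/';
        if (preg_match($regex, $routeId) === 1) {
            return true;
        }
    }
    return false;
}

// Deny is checked first, so it overrides any matching allow entry.
// A route matching neither list is refused (default deny, an assumption here).
function isAllowed(string $routeId, array $rules, array $zones): bool
{
    if (matchesAny($routeId, expandZones($rules['deny'] ?? [], $zones, false))) {
        return false;
    }
    return matchesAny($routeId, expandZones($rules['allow'] ?? [], $zones, true));
}

foreach (['account.test.write.create', 'account.test.list', 'user.edit', 'user.delete', 'report.view'] as $route) {
    printf("%-28s %s\n", $route, isAllowed($route, $rules, $zones) ? 'allow' : 'deny');
}
```

Note that user.delete is refused even though the broader 'user.*' entry in allow matches it, which is the practical effect of deny having the higher priority.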