Authentication and authorization are provided by default in Laravel. This package simply leverages what Laravel provides and configures the views for you. By default, users can log in at /login and can also reset their password through that same screen. New users have to reset their password before they can gain access to the admin application. By using the twill configuration file, you can change the default redirect path (auth_login_redirect_path) and send users anywhere in your application following login.
The package currently provides three different roles:
Default permissions are as follows. To learn how permissions can be modified or extended, see the next section.
View only users are able to:
Publishers have the same permissions as view only users plus:
Admin users have the same permissions as publisher users plus:
There is also a super admin user that can impersonate other users at /users/impersonate/{id}. The super admin can be a useful tool for testing features with different user roles without having to log out/login manually, as well as for debugging issues reported by specific users. You can stop impersonating by going to /users/impersonate/stop.
You can create or modify new permissions for existing roles by using the Gate facade in your AuthServiceProvider. The can middleware, provided by default in Laravel, is very easy to use, either through route definition or controller constructor.
In app/Models/Enums/UserRole.php (or another file) define your roles:

```php
<?php

namespace App\Models\Enums;

use MyCLabs\Enum\Enum;

class UserRole extends Enum
{
    const CUSTOM1 = 'Custom role 1';
    const CUSTOM2 = 'Custom role 2';
    const CUSTOM3 = 'Custom role 3';
    const ADMIN = 'Admin';
}
```
Then in your app service provider you can register it:
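```php
<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        // Tell Twill to use the custom role enum instead of its default one.
        \A17\Twill\Facades\TwillPermissions::setRoleEnum(\App\Models\Enums\UserRole::class);
    }
}
```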
Finally, in your AuthServiceProvider class, redefine Twill's default permissions if you need to, or add your own, for example:

```php
<?php

namespace App\Providers;

use App\Models\Enums\UserRole;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Redefine the 'list' permission for the custom roles.
        Gate::define('list', function ($user) {
            return in_array($user->role_value, [
                UserRole::CUSTOM1,
                UserRole::CUSTOM2,
                UserRole::ADMIN,
            ]);
        });

        // Redefine the 'edit' permission for the custom roles.
        Gate::define('edit', function ($user) {
            return in_array($user->role_value, [
                UserRole::CUSTOM3,
                UserRole::ADMIN,
            ]);
        });

        // A new permission that does not exist in Twill's defaults.
        Gate::define('custom-permission', function ($user) {
            return in_array($user->role_value, [
                UserRole::CUSTOM2,
                UserRole::ADMIN,
            ]);
        });
    }
}
```
If you need a more dynamic approach you can also get the current permission enum using the facade:
```php
TwillPermissions::roles()::PUBLISHER // (or any role)
```
You can use your new permission and existing ones in many places like the twill-navigation configuration using can:

```php
'projects' => [
    'can' => 'custom-permission',
    'title' => 'Projects',
    'module' => true,
],
```
You can also use them in form Blade files using @can, as well as in middleware definitions in routes or controllers; see the Laravel documentation for more info.
You should follow the Laravel documentation regarding authorization. It's pretty good.
DANGER: don't use this feature in production, as your CMS will be open to the public.
Developers can configure Twill to do auto login using a pre-defined username and password and skip the login form.
To enable it you have to:

- enable debug mode
- add the credentials to your .env file:

```
TWILL_AUTO_LOGIN_EMAIL=email@email.com
TWILL_AUTO_LOGIN_PASSWORD=passv0rt
```

```
TWILL_AUTO_LOGIN_ENABLED=false
```
Note: this feature is available by default only for the local environment.
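A deploy-time guard for the auto-login warning above, as an added example that is not part of Twill or of the original page: it reads a .env file and reports when the auto-login settings could be live outside the local environment. The finding codes and the policy (credentials must not ship at all outside local) are assumptions of this example; APP_ENV and APP_DEBUG are the standard Laravel keys, and the sample file is constructed.

```python
AUTO_LOGIN_KEYS = ("TWILL_AUTO_LOGIN_EMAIL", "TWILL_AUTO_LOGIN_PASSWORD")
ON = {"true", "(true)", "1"}
OFF = {"false", "(false)", "0"}

def parse_env(text):
    """Parse dotenv-style KEY=VALUE lines, ignoring comments and blank lines."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]                      # quoted value
        else:
            value = value.split(" #", 1)[0].strip()  # drop inline comment
        env[key.strip()] = value
    return env

def audit_auto_login(text):
    """Return finding codes for a non-local .env; an empty list means clean."""
    env = parse_env(text)
    # Laravel falls back to "production" when APP_ENV is unset.
    if env.get("APP_ENV", "production").lower() == "local":
        return []
    findings = []
    flag = env.get("TWILL_AUTO_LOGIN_ENABLED", "").lower()
    if any(env.get(k) for k in AUTO_LOGIN_KEYS):
        # Assumed policy: the credentials must not ship at all; it is worse
        # when nothing switches the feature off explicitly.
        findings.append("credentials-present" if flag in OFF
                        else "credentials-present-not-disabled")
    if flag in ON:
        findings.append("auto-login-enabled")
    if env.get("APP_DEBUG", "false").lower() in ON:
        findings.append("debug-mode-on")  # debug mode is one of the enabling steps
    return findings

# Constructed sample: a staging .env that still carries a developer's settings.
SAMPLE_STAGING = """\
APP_ENV=staging
APP_DEBUG=true
TWILL_AUTO_LOGIN_EMAIL="dev@example.test"
TWILL_AUTO_LOGIN_PASSWORD=constructed-password
"""

if __name__ == "__main__":
    print("\n".join(audit_auto_login(SAMPLE_STAGING)) or "clean")
```

Run it in the deployment pipeline against the .env that will actually ship and fail the build on any non-empty result.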