User Management

Authentication and authorization are provided by default in Laravel. This package simply leverages what Laravel provides and configures the views for you. By default, users can log in at /login and can also reset their password through that same screen. New users have to reset their password before they can gain access to the admin application. By using the twill configuration file, you can change the default redirect path (auth_login_redirect_path) and send users to anywhere in your application following login.

Roles

The package currently provides three different roles:

  • view only
  • publisher
  • admin

Permissions

Default permissions are as follows. To learn how permissions can be modified or extended, see the next section.

View only users are able to:

  • log in
  • view CRUD listings
  • filter CRUD listings
  • view media/file library
  • download original files from the media/file library
  • edit their own profile

Publishers have the same permissions as view only users plus:

  • full CRUD permissions
  • publish
  • sort
  • feature
  • upload new images/files to the media/file library

Admin users have the same permissions as publisher users plus:

  • full permissions on users

There is also a super admin user that can impersonate other users at /users/impersonate/{id}. The super admin can be a useful tool for testing features with different user roles without having to log out/login manually, as well as for debugging issues reported by specific users. You can stop impersonating by going to /users/impersonate/stop.

Extending user roles and permissions

You can create new permissions, or modify existing ones, for existing roles by using the Gate facade in your AuthServiceProvider. The can middleware, provided by default in Laravel, is easy to apply either in a route definition or in a controller constructor.

In app/Models/Enums/UserRole.php (or another file) define your roles:

<?php

namespace App\Models\Enums;

use MyCLabs\Enum\Enum;

class UserRole extends Enum
{
    const CUSTOM1 = 'Custom role 1';
    const CUSTOM2 = 'Custom role 2';
    const CUSTOM3 = 'Custom role 3';
    const ADMIN = 'Admin';
}

Then in your app service provider you can register it:

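<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        // Tell Twill to use the custom role enum defined above.
        \A17\Twill\Facades\TwillPermissions::setRoleEnum(\App\Models\Enums\UserRole::class);
    }
}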

Finally, in your AuthServiceProvider class, redefine Twill's default permissions if you need to, or add your own, for example:

<?php

namespace App\Providers;

use App\Models\Enums\UserRole;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        Gate::define('list', function ($user) {
            return in_array($user->role_value, [
                UserRole::CUSTOM1,
                UserRole::CUSTOM2,
                UserRole::ADMIN,
            ]);
        });

        Gate::define('edit', function ($user) {
            return in_array($user->role_value, [
                UserRole::CUSTOM3,
                UserRole::ADMIN,
            ]);
        });

        Gate::define('custom-permission', function ($user) {
            return in_array($user->role_value, [
                UserRole::CUSTOM2,
                UserRole::ADMIN,
            ]);
        });
    }
}

If you need a more dynamic approach you can also get the current permission enum using the facade:

TwillPermissions::roles()::PUBLISHER; // or any other role

You can use your new permission and existing ones in many places like the twill-navigation configuration using can:

'projects' => [
    'can' => 'custom-permission',
    'title' => 'Projects',
    'module' => true,
],

You can also use them in form Blade files with @can, and in middleware definitions in routes or controllers. See the Laravel documentation for more information.

You should follow the Laravel documentation regarding authorization. It's pretty good.

Auto login

DANGER: don't use this feature in production, as your CMS will be open to the public.

Developers can configure Twill to do auto login using a pre-defined username and password and skip the login form.

To enable it you have to:

  • Put the application in debug mode
  • Create a user in the CMS
  • Add the user's credentials to your .env file:
    TWILL_AUTO_LOGIN_EMAIL=email@email.com
    TWILL_AUTO_LOGIN_PASSWORD=passv0rt
  • Enable the autologin feature:
    TWILL_AUTO_LOGIN_ENABLED=true

Note: this feature is available by default only for the local environment.
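
A pre-deploy check for the auto login settings described above, written as an added example (it is not part of Twill or of this documentation). It reads a .env file and reports auto login settings, stored auto login credentials, or debug mode in any environment other than local. Assumptions: APP_ENV falls back to production when unset, and any value that is not clearly "off" counts as enabled.

```python
import re
import sys
# KEY=VALUE with an optional "export " prefix; comment lines never match.
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")
# Assumption: any value not clearly "off" is treated as enabled (fail closed).
OFF = {"", "false", "(false)", "0", "null", "(null)", "empty", "(empty)"}
CREDENTIAL_KEYS = ("TWILL_AUTO_LOGIN_EMAIL", "TWILL_AUTO_LOGIN_PASSWORD")

def parse_env(text):
    env = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key, val = m.groups()
        if len(val) >= 2 and val[0] in "\"'" and val[-1] == val[0]:
            val = val[1:-1]                      # strip matching quotes
        else:
            val = val.split(" #", 1)[0].strip()  # drop an inline comment
        env[key] = val
    return env

def is_on(value):
    return value.strip().lower() not in OFF

def audit(text):  # returns findings; an empty list means nothing to report
    env = parse_env(text)
    app_env = env.get("APP_ENV", "production")  # assumed default when unset
    if app_env == "local":
        return []  # the page scopes auto login to the local environment
    findings = []
    if is_on(env.get("TWILL_AUTO_LOGIN_ENABLED", "")):
        findings.append(f"auto login enabled with APP_ENV={app_env}")
    findings += [f"{k} present in a non-local env file" for k in CREDENTIAL_KEYS if env.get(k)]
    if is_on(env.get("APP_DEBUG", "")):
        findings.append(f"APP_DEBUG is on with APP_ENV={app_env}")
    return findings

# Constructed sample: a staging file that kept a developer's auto login settings.
SAMPLE_STAGING = """APP_ENV=staging
APP_DEBUG=true
TWILL_AUTO_LOGIN_EMAIL=email@email.com
TWILL_AUTO_LOGIN_PASSWORD="passv0rt"
TWILL_AUTO_LOGIN_ENABLED=true  # left over from a dev machine
"""

if __name__ == "__main__":
    problems = audit(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STAGING)
    sys.exit("\n".join(problems) if problems else 0)
```

Run it against the env file a deployment will ship; a non-zero exit status lists each finding on stderr.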