Akaunting provides a powerful ACL system thanks to the wonderful Laratrust package for Laravel. It ships with very useful functions for use in both PHP code and Blade templates.
Akaunting adds even more power to Laratrust with an easy-to-use interface to manage all Users, Roles and Permissions.
Furthermore, all these permissions and roles also apply to RESTful API access, so you can create an API user account that can read data from your Akaunting but not write to it.
Assigning permissions to controller
In any case, make sure you first create the permissions of your controllers and attach them in the FinishInstallation listener, using the following snippet:
    // c=create, r=read, u=update, d=delete
    $this->attachPermissionsToAdminRoles([
        $this->alias . '-posts' => 'c,r,u,d',
        $this->alias . '-comments' => 'r',
    ]);
Here you can see the example of the My Blog module.
Checking for permissions
It’s so simple to check for permissions:
    user()->can('update-my-blog-posts');
    user()->canAny(['create-my-blog-posts', 'update-my-blog-posts']);

    @can('update-my-blog-posts')
        <p>This is visible to users with the given permissions.</p>
    @endcan
You should always check for a permission instead of a role, because users can create custom roles. Feel free to read the Laratrust documentation about advanced permission checks.
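The following added example (not part of Akaunting or of the My Blog module) expands the `c,r,u,d` shorthand into full permission names and flags any name checked with `can()`, `canAny()` or `@can` that was never attached. It assumes each letter expands to `<action>-<alias>-<page>`, as the names on this page suggest; the function names and the sample source are hypothetical.

```php
<?php
// Added example, not Akaunting code.
// Assumption: each shorthand letter becomes "<action>-<alias>-<page>",
// which matches the names checked on this page (update-my-blog-posts).
const ACTIONS = ['c' => 'create', 'r' => 'read', 'u' => 'update', 'd' => 'delete'];

/** Expand ['my-blog-posts' => 'c,r,u,d'] into full permission names. */
function expandPermissions(array $map): array
{
    $names = [];
    foreach ($map as $page => $letters) {
        foreach (array_filter(array_map('trim', explode(',', $letters))) as $letter) {
            if (!array_key_exists($letter, ACTIONS)) {
                throw new InvalidArgumentException("Unknown action '$letter' for $page");
            }
            $names[] = ACTIONS[$letter] . '-' . $page;
        }
    }
    return array_values(array_unique($names));
}

/** Collect the names passed to can(), canAny() and @can in source text. */
function checkedPermissions(string $source): array
{
    preg_match_all('/(?:->can(?:Any)?|@can)\(\s*(\[[^\]]*\]|\'[^\']*\')/', $source, $calls);
    preg_match_all('/\'([^\']+)\'/', implode(' ', $calls[1]), $names);
    return array_values(array_unique($names[1]));
}

$alias = 'my-blog'; // module alias used on this page
$defined = expandPermissions([
    $alias . '-posts'    => 'c,r,u,d',
    $alias . '-comments' => 'r',
]);

// Constructed sample source: the checks from this page plus one check
// for a permission that the snippet above never attaches.
$source = <<<'SRC'
user()->can('update-my-blog-posts');
user()->canAny(['create-my-blog-posts', 'update-my-blog-posts']);
@can('delete-my-blog-comments') <p>Delete</p> @endcan
SRC;

// Names that are checked somewhere but were never attached to a role.
$missing = array_values(array_diff(checkedPermissions($source), $defined));
echo implode(PHP_EOL, $missing), PHP_EOL;
```

Running a check like this over a module's controllers and views catches misspelled or forgotten permission names before they reach users.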