Roles & Permissions
📌 Why Roles & Permissions?
Least-privilege by default, with auditable exceptions. Role baselines keep things simple; direct grants cover edge cases; event scoping reduces operational risk.
Control access to the platform using roles and granular permission strings. Permissions determine which actions a user can perform within each module.
Quick Start
- Go to Organizer > Roles.
- Create or edit a role.
- Toggle permissions as needed and save.
Overview
Access control is powered by Spatie Laravel Permission. Users inherit permissions from their role, and admins can grant extra direct permissions per user.
- Roles: map sets of permissions to users.
- Permissions: granular strings controlling specific actions.
- Direct Permissions: optional overrides for individual users.
Where Permissions Live
| Location | Purpose |
|---|---|
| config/roles_permissions.php | Source of truth for all permission strings and role → permission mappings |
| database/seeders/RolePermissionSeeder.php | Seeder that creates missing permissions, roles, and syncs them from config |
Naming Convention
Permissions follow the subject.action format. Examples:
| Subject | Actions |
|---|---|
| event | viewAny, view, create, edit, delete, restore, forceDelete |
| guest | viewAny, create, edit, delete |
| scanner | scan |
| badge | viewAny, create, edit, print, delete |
| organizer, printer, event-manager | various administrative actions |
| email-template, automated-event-email | viewAny, edit, send |
| statistic | viewAny |
| form, form-field, venue, gate, workshop, ticket, order | standard module actions |
Tip: In the UI, role-based permissions are read-only (labeled “from role”); direct toggles can be granted individually.
Default Roles
| Role | Role Permissions | Direct Permissions |
|---|---|---|
| admin | all permissions | all permissions |
| organizer | preference.edit, dashboard.view, event.viewAny, event.view | broad operational access across managed events |
| event-manager | preference.edit, dashboard.view, event.viewAny, event.view | operational access on assigned events |
| scanner | dashboard.view, event.viewAny, event.view, scanner.scan | none by default |
| printer | preference.edit, dashboard.view, event.viewAny, event.view, badge.viewAny | badge.create, badge.edit, badge.print, badge.delete, guest.viewAny |
Syncing Roles and Permissions
- After updating roles or permissions in configuration, roles must be synced to reflect the changes.
- Direct user permissions are not affected by syncing.
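A sync of this kind, written against the Spatie Laravel Permission API, is sketched below as an added example; it is not the project's own RolePermissionSeeder. The class name and the config keys `permissions` and `roles` are assumptions, since the page does not show the layout of config/roles_permissions.php.

```php
<?php
// Added example, not the project's seeder. Assumed (hypothetical) config shape:
//   'permissions' => ['dashboard.view', 'event.viewAny', 'scanner.scan', ...],
//   'roles'       => ['scanner' => ['dashboard.view', 'scanner.scan'], ...],
namespace Database\Seeders;

use Illuminate\Database\Seeder;
use InvalidArgumentException;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Spatie\Permission\PermissionRegistrar;

class ExampleRolePermissionSeeder extends Seeder
{
    public function run(): void
    {
        $declared = config('roles_permissions.permissions', []);
        $roles    = config('roles_permissions.roles', []);

        // Fail closed on names that are not subject.action, so a typo never becomes a live permission.
        foreach ($declared as $name) {
            if (!preg_match('/^[a-z][a-z-]*\.[a-z][A-Za-z]*$/', $name)) {
                throw new InvalidArgumentException("Not subject.action: {$name}");
            }
        }
        // Refuse role mappings that reference a permission the config never declared.
        foreach ($roles as $role => $grants) {
            if ($unknown = array_diff($grants, $declared)) {
                throw new InvalidArgumentException("Role {$role} references undeclared: " . implode(', ', $unknown));
            }
        }

        // Clear Spatie's permission cache before and after writing.
        app(PermissionRegistrar::class)->forgetCachedPermissions();
        foreach ($declared as $name) {
            Permission::findOrCreate($name); // creates only when missing
        }
        foreach ($roles as $role => $grants) {
            // syncPermissions() replaces the role's set, so removals in config take effect.
            // Only role-to-permission links change; per-user direct grants are left alone.
            Role::findOrCreate($role)->syncPermissions($grants);
        }
        app(PermissionRegistrar::class)->forgetCachedPermissions();
    }
}
```

With that class name it would be run as `php artisan db:seed --class=ExampleRolePermissionSeeder`.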
UI Behavior and Scoping
- Admin-only Organizer selector: Limits which events appear and which permissions can be toggled for Event Managers, Scanners, or Printers.
- Disabled toggles: Permissions may be disabled because they are role-based or restricted by Organizer.
- Event assignment: Event Managers, Scanners, and Printers must select one or more events for access.
Updating a User’s Permissions
- Navigate to User Management > Relevant Tab (Organizer/Event Manager/Scanner/Printer).
- Edit the user.
- Adjust toggles in the Permissions section:
  - Checked and disabled = granted via role
  - Enabled toggles = direct permissions you can grant/revoke
- Save changes.
Troubleshooting
| Issue | Resolution |
|---|---|
| “Not authorized” | Ensure your account has the corresponding viewAny permission for that section. |
| Toggles won’t enable | Selected Organizer restricts permission; pick a different Organizer or update its policy. |
| Scanner cannot scan | Confirm scanner.scan is granted and user is assigned to the correct events. |
| Missing email features | Verify email-template.* and email.send permissions are granted as needed. |
Last updated: 2025-10-09