$acl->allow('Author', 'Photos', 'upload');
// But sometimes we need to force deny for some resource inherited from parents.
$acl->deny('Author', 'Blogs', 'write');
// Allow "Editor" do any actions in "Blogs" and "Photos" except "delete".
$acl->allow('Editor', 'Blogs', '*');
$acl->allow('Editor', 'Photos', '*');
// deny some resources.
$acl->deny('Editor', 'Blogs', 'delete');
$acl->deny('Editor', 'Photos', 'delete');
// Admin can access anything
$acl->allow('Admin', '*', '*');
// Set current auth user to access list
Authorized::as_user($user);
}, 'database' => function ($user) {
// Instance access
$acl = Authorized::instance();
// Get all roles with rules
$roles = Role::with('rules')->get();
foreach ($roles as $role) {
// Add roles to access list
$acl->add_role($role->name);
foreach ($role->rules as $rule) {
// Add rules to access list, then give permisstion to role
// $acl->add_rule($rule->group, $rule->action);
// $acl->allow($role->name, $rule->group, $rule->action);
// This is a short way to do things above
$acl->allow($role->name, $rule->group, $rule->action, true);
}
}
// Set current auth user to access list
Authorized::as_user($user);
