Permissions

QOR5 permission is based on https://github.com/ory/ladon.
A piece of policy looks like this:
Who is able to do what on something (with given some context)

Who - Subject

Typically in admin system, they are roles like Admin, Super Admin.
Use SubjectsFunc to fetch current subjects:

Able - Effect

perm.Allowed
perm.Denied

What - Action

presets has a list of actions:

presets.PermList
presets.PermGet
presets.PermCreate
presets.PermUpdate
presets.PermDelete

And you can define other specific actions if needed.

Something - Resource

An arbitrary unique resource name.
The presets builtin resource format is :presets:mg_menu_group:uri:resource_rn:f_field:.
For example :presets:user_management:users:1: represents the user record with id 1 under uri user_management.
Use * as wildcard.

Context - Condition

Optional.
The current context that containing condition information about the resource.
Use ContextFunc to set the context:

Policy uses Given to set conditions:

Custom Action

Let's say there is a button on User detailing page used to ban the user. And only super_admin users have permission to execute this action.
First, create a verifier

Then inject this verifier to relevant logic, such as

whether to show the ban button.
validate permission before execute the ban action.

Finally, add policy

Example

Debug

prints permission logs which is very helpful for debugging the permission policies:

On This Page