You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
170 lines
5.7 KiB
PHP
170 lines
5.7 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* This file is part of CodeIgniter Shield.
|
|
*
|
|
* (c) CodeIgniter Foundation <admin@codeigniter.com>
|
|
*
|
|
* For the full copyright and license information, please view
|
|
* the LICENSE file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Config;
|
|
|
|
use CodeIgniter\Shield\Config\AuthGroups as ShieldAuthGroups;
|
|
|
|
class AuthGroups extends ShieldAuthGroups
|
|
{
|
|
/**
|
|
* --------------------------------------------------------------------
|
|
* Default Group
|
|
* --------------------------------------------------------------------
|
|
* The group that a newly registered user is added to.
|
|
*/
|
|
public string $defaultGroup = 'user';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------
|
|
* Groups
|
|
* --------------------------------------------------------------------
|
|
* An associative array of the available groups in the system, where the keys
|
|
* are the group names and the values are arrays of the group info.
|
|
*
|
|
* Whatever value you assign as the key will be used to refer to the group
|
|
* when using functions such as:
|
|
* $user->addGroup('superadmin');
|
|
*
|
|
* @var array<string, array<string, string>>
|
|
*
|
|
* @see https://codeigniter4.github.io/shield/quick_start_guide/using_authorization/#change-available-groups for more info
|
|
*/
|
|
public array $groups = [
|
|
'superadmin' => [
|
|
'title' => 'Super Admin',
|
|
'description' => 'Complete control of the site.',
|
|
],
|
|
'admin' => [
|
|
'title' => 'Admin',
|
|
'description' => 'Day to day administrators of the site.',
|
|
],
|
|
'developer' => [
|
|
'title' => 'Developer',
|
|
'description' => 'Site programmers.',
|
|
],
|
|
'user' => [
|
|
'title' => 'User',
|
|
'description' => 'General users of the site. Often customers.',
|
|
],
|
|
'beta' => [
|
|
'title' => 'Beta User',
|
|
'description' => 'Has access to beta-level features.',
|
|
],
|
|
'payroll' => [
|
|
'title' => 'Payroll User',
|
|
'description' => 'Has access to Payroll features.',
|
|
],
|
|
'hr' => [
|
|
'title' => 'HR User',
|
|
'description' => 'Has access to Human Resources features.',
|
|
],
|
|
];
|
|
|
|
/**
|
|
* --------------------------------------------------------------------
|
|
* Permissions
|
|
* --------------------------------------------------------------------
|
|
* The available permissions in the system.
|
|
*
|
|
* If a permission is not listed here it cannot be used.
|
|
*/
|
|
public array $permissions = [
|
|
'superadmin.access' => 'Can access the sites admin area',
|
|
'superadmin.settings' => 'Can access the main site settings',
|
|
'superadmin.manage-superadmin' => 'Can manage other superadmin',
|
|
|
|
'admin.access' => 'Can access the sites admin area',
|
|
'admin.settings' => 'Can access the main site settings',
|
|
'admin.manage-admins' => 'Can manage other admins',
|
|
'users.create' => 'Can create new non-admin users',
|
|
'users.edit' => 'Can edit existing non-admin users',
|
|
'users.delete' => 'Can delete existing non-admin users',
|
|
'beta.access' => 'Can access beta-level features',
|
|
|
|
'users.data-view' => 'Can view existing data',
|
|
'users.data-create' => 'Can create new data',
|
|
'users.data-edit' => 'Can edit existing data',
|
|
'users.data-delete' => 'Can delete existing data',
|
|
'users.data-print' => 'Can print existing data',
|
|
'users.data-upload' => 'Can upload data',
|
|
'users.data-download' => 'Can download data',
|
|
'users.data-export' => 'Can export data',
|
|
|
|
'payroll.data-create' => 'Can create new data',
|
|
'payroll.data-edit' => 'Can edit existing data',
|
|
'payroll.data-delete' => 'Can delete existing data',
|
|
'payroll.data-view' => 'Can view existing data',
|
|
'payroll.data-print' => 'Can print existing data',
|
|
'payroll.data-upload' => 'Can upload data',
|
|
'payroll.data-download' => 'Can download data',
|
|
'payroll.data-export' => 'Can export data',
|
|
|
|
'hr.data-create' => 'Can create new data',
|
|
'hr.data-edit' => 'Can edit existing data',
|
|
'hr.data-delete' => 'Can delete existing data',
|
|
'hr.data-view' => 'Can view existing data',
|
|
'hr.data-print' => 'Can print existing data',
|
|
'hr.data-upload' => 'Can upload data',
|
|
'hr.data-download' => 'Can download data',
|
|
'hr.data-export' => 'Can export data',
|
|
];
|
|
|
|
/**
|
|
* --------------------------------------------------------------------
|
|
* Permissions Matrix
|
|
* --------------------------------------------------------------------
|
|
* Maps permissions to groups.
|
|
*
|
|
* This defines group-level permissions.
|
|
*/
|
|
public array $matrix = [
|
|
'superadmin' => [
|
|
'superadmin.*',
|
|
'admin.*',
|
|
'users.*',
|
|
'beta.*',
|
|
'payroll.*',
|
|
'hr.*',
|
|
],
|
|
'admin' => [
|
|
'admin.access',
|
|
'users.create',
|
|
'users.edit',
|
|
'users.delete',
|
|
'beta.access',
|
|
'payroll.*',
|
|
'hr.*',
|
|
],
|
|
'developer' => [
|
|
'admin.access',
|
|
'admin.settings',
|
|
'users.create',
|
|
'users.edit',
|
|
'beta.access',
|
|
],
|
|
'user' => [
|
|
'users.data-*',
|
|
],
|
|
'beta' => [
|
|
'beta.access',
|
|
],
|
|
'payroll' => [
|
|
'payroll.*',
|
|
],
|
|
'hr' => [
|
|
'hr.*',
|
|
],
|
|
];
|
|
}
|