This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.
I am using octobercms to build a property listing website and decided to allow the "Agent, Agency & Admin" to access backend to create and manage properties listing, locations, categories etc (just to save on frontend forms/lists etc).
I have created different permissions per resource (property.create, property.edit etc) to proved desired access level. But as per octobercms working these permissions were handle only on presentation level (on page there is no link to create properties or menu but a user can access "Acme/estate/properties/create" route.
Octobercms provides a way to handle this in controller's $requiredPermissions
but this too much relaxed for may case (hasAnyAccess). If a user have "property.view" permission he can also access the "update" or "create" action.
I can check per action permission by overriding the action and calling respective behaviour action after validation but this is to much work. Middleware also not working as expected as it don't redirect.
How to handle this in octobercms. Is is possible to define a function like "doesHaveAccess" that return true and false and auto called in every action Or what is the octobercms way.
Thanks.
Use the backend.page.beforeDisplay
event
ref. https://octobercms.com/docs/api/backend/page/beforedisplay
1-2 of 2