When do I need Awebsome.Roles?

When you want to provide a backend user to customers.

It is possible that you install plugins in your application, that they do not have the required permissions pre-configured for their use, and OctoberCMS by default, does not block them, this allows them to be used by any administrator with any role, as if they were a super user.

Cases of applicable use:

1. Unwanted access to configuration.

We use frequently the AnandPatel.Seoextension plugin and this plugin lacks required permissions in its configuration page, so, this is vulnerable to unwanted changes. With Awebsome.Roles we can add a required permission to the registerSettings and only provide access to the desired roles.

2. Unwanted use.

This is an unusual case, but it can happen! We use October.Test as an example, this plugin does not have any required permission in the navigation menu or in its page controllers for its use, therefore every user will have access to it. Assuming I want to restrict access to my clients or other administrators, we can do it with Awebsome.Roles.

3. Forced access by URL.

We give as an example for this case, to Raviraj.Rjgallery where this plugin has pre-configured required permissions on the navigation menu and this is hidden, but no required permissions have been assigned to the *page controllers and therefore, it can be forced access from the URL, even if the menu item is not displayed. I understand that, for this, there must be a bad intention, but if I want to provide access to clients not related to my administration or development group, they should not be able to see, or make unwanted changes.