Product support

Get help in the plugin support forum.

  • Added on Aug 3, 2016
  • Current version: 1.3.11
  • Platform Compatibility
    v3.x not tested
    v2.x use latest
    v1.x use latest
  • Extensions: 2
  • Created by
  • Public repository


This plugin allows to manage access to front-end based on roles hierarchy or flat roles structure.

RainLab.User and Lovata.Buddies are supported as auth system


  • create your roles and permissions
  • group roles into parent - children relations (or just create set of roles without parenting)
  • manage access to a CMS page (by role, permission, auth/anonymous)
  • use Twig helpers to allow or restrict access in views
  • use PHP helpers to allow or restrict access in php code

You may like my other plugins



Quick start

Add Access component to layouts or pages which access you want to control.

Then create some roles and/or permissions in Users > Roles Hierarchy.

Optionaly to use the power of roles hierarchy create roles system by assigning parent - child relations between them. Then you can create some permissions and assign them to roles depending on hierarchy (check screenshot).

CMS Pages access

After at least one role is created you can choose it in CMS Page settings to allow access only for users of that role or it's parents. Another option is to manage Page access by choosing permission. Or check "Only anonymous" checkbox to restrict access for any logged user.


You can use twig helpers or PHP static functions to allow or restrict access.

Check if user got specific role

-  isRole($role_code, $user = null)
- user.isRole($role_code)
-  Helper::isRole($role_code, $user = null)
-  $user->isRole($role_code)

Checks if current user has specific role or a role with higher privileges (roles ancestors). Pass user object as second parameter to check it rather then authenticated user. Example: if user has admin role: isRole('admin') and isRole('superadmin') will return true.

Check if user got specific permission

- able($permission_code, $user = null)
- user.able($permission_code)
-  Helper::able($permission_code, $user = null) 
-  $user->able($permission_code)

Checks if current user's role has right to execute a permission. Permission should be assigned to the user's role or to a role with lower privileges (roles successors). Pass user object as second parameter to check it rather then authenticated user.

Get Role object by role code string parameter

- roleByCode($role_code)
-  Helper::roleByCode($role_code)

Use case for this helper: you want to add radio buttons role selector to your registration form:

    <div class="form-row text-center">
        <div class="form-group col-md-6">
            <label for="seller-role">Seller</label><br>
            <input id="seller-role" name="role_id" value="{{ roleByCode('seller').id }}" type="radio">
        <div class="form-group col-md-6">
            <label for="buyer-role">Buyer</label><br>
            <input id="buyer-role" name="role_id" value="{{ roleByCode('buyer').id }}" type="radio">

role_id field is fillable in User model (for both supported plugins) so it will be saved automatically.

  • Found the plugin useful on 20 Jul, 2019

    Спасибо огромное. Всё работает с Lovata.Buddies . Вот только объясняловку бы поподробнее для таких безграмотных как я (даже ангийского не знаю)

  • author

    Replied on 21 Jul, 2019

    Спасибо за оценку! Есть вопросы - пишите, отвечу. Как именно улучшить документацию? Тоже открыт к предложениям.

    Thanks for the rating! If you got any questions - feel free to ask. How exactly you want me to improve the documentation? I'm open for suggestions.

  • Found the plugin useful on 10 Aug, 2016

    There is a hardcoded URL to the " /admin" area if the user has a different Backend URL the links will not work. Found in the following files:

    ~/roles/controllers/roles/index.htm Upon the lines 16, 18, 31 ~/roles/controllers/Roles.php Upon the line 38

    Works perfect btw.

  • author

    Replied on 10 Aug, 2016

    Thanks! Added new version with this fix


Role field extended - prevent from appearing in repeater of the same model form.

Mar 15, 2021


emptyOption added in user form role dropdown.

Feb 26, 2021


Roles list as tree.

Dec 24, 2020


Make sure vdomah_role_id column in users/lovata_buddies_users is nullable.

Oct 09, 2020


Helper::iterateChildren fix. Documented Helper class.

Oct 02, 2020


isRole fix error when user not logged in

Oct 02, 2020


Fix class names in migrations from v1.3.4

May 31, 2020


Rename vdomah_roles_role_id column to vdomah_role_id

May 31, 2020


Permissions type:relation removed

May 30, 2020


Fixed v1.3.0 migrations declarations

May 30, 2020


vdomah_roles_role_id made fillable

May 30, 2020


!!! Rename role_id to vdomah_roles_role_id (needed by guidelines). - builder_table_update_buddies_rename_role_id_column.php - builder_table_update_users_rename_role_id_column.php

May 30, 2020


Fixed roleByCode helper.

May 30, 2020


Page role and permission are stored as codes. Backwards compatibility for id (int) so no changes are mandatory for existing projects

May 29, 2020


Added roleByCode twig helper and corresponding Helper::roleByCode php helper

May 28, 2020


Added isRole and able methods to user object

Nov 24, 2018


Check role_id exists in users table and add if no

Sep 20, 2018


role_id field nullable

Sep 19, 2018


Add fillable to Role model

Sep 19, 2018


Check if users table exists in migrations before altering it

Sep 15, 2018


Lovata.Buddies plugin integration

Feb 23, 2018


Logged only CMS page parameter added

Mar 14, 2017


Fixed bug wich prevented returning the whole ancestor tree in a role (thanks Daniel Tamas). En translations updated

Jan 25, 2017


CMS Pages access managment moved to separate tab

Jan 24, 2017


CMS Pages access managment by assigning roles and permissions

Dec 14, 2016


Replaced hardcoded backend urls with dynamic links in controller (thanks to Damian Verhaar)

Aug 21, 2016


Replaced hardcoded backend urls with dynamic links in view (thanks to Damian Verhaar)

Aug 10, 2016


SimpleTree trait implemented, fixed roles dropdown in user form

Aug 08, 2016


Soft implementation of RainLab.Translate

Aug 04, 2016


Permission name transaltable. Readme update. Move static methods to Helper

Aug 04, 2016


Initialize plugin.

Jul 29, 2016

From v1.3.0 role_id column is renamed to vdomah_roles_role_id to respect guidelines.