Twill 3 custom roles & permissions are not working

[shamith-smp-dgt]

Description

Hello, I'm trying to create new roles and add permissions to them. i want to make some modules only accessible by some of the new roles I've created. I followed the twill documentation and I still get Forbidden yellow screen error when i try to access a certain module as the new user role i created.

It looks like the code in AuthServiceProvider is not redefining twill's default permissions. how do i fix this?

Steps to reproduce

here is my code,

Models/Enums/UserRole.php

class UserRole extends Enum
{
    const VIEWONLY = 'View Only';
    const PUBLISHER = 'Publisher';
    const ADMIN = 'Admin';

    const VIEWER = 'Viewer';
    const EDITOR = 'Editor';
}

Providers/AppServiceProvider.php

public function register(): void
    {        \A17\Twill\Facades\TwillPermissions::setRoleEnum(\App\Models\Enums\UserRole::class);
    }

Providers/AuthServiceProvider.php

    public function boot(): void
    {
        Gate::define('list', function ($user) {
            return in_array($user->role_value, [
                UserRole::VIEWONLY,
                UserRole::VIEWER,
                UserRole::EDITOR,
                UserRole::ADMIN
            ]);
        });
    }

Expected result

When i logged in as a VIEWER and visit a module, I should be able to see it.

Actual result

But a I get a Forbidden yellow screen error.

Versions

Twill version: 3.4
Laravel version: 11.9
PHP version: 8.2
Database engine: MySQL

[zeezo887]

Hi @shamith-smp-dgt , first you need to make sure your AuthServiceProvider.php is registered. To do this add the provider to the bootstrap/providers.php file.

return [
    ...
    \App\Providers\AuthServiceProvider::class,
];

Then when defining your gate in the AuthServiceProvider, you need to use these abilities for list - access-module-list and access-media-library because Twill 3 now uses them. You can find that here

twill/src/AuthServiceProvider.php

Lines 13 to 19 in 90da826

	/**
	* Map between the legacy gates and the new gates from PermissionAuthServiceProvider.
	* The new gates are being used in the code now and the old gates are kept for
	* backward compatibility.
	*/
	public const ABILITY_ALIASES = [
	'list' => ['access-module-list', 'access-media-library'],

Which means you AuthServiceProvider boot method can now look like

$listAbilities = ['access-module-list', 'access-media-library'];

collect($listAbilities)->each(function ($ability) {
    Gate::define($ability, function ($user) {
        return in_array($user->role_value, [
            ...
            UserRole::VIEWER,
        ]);
    });
});

or you can just extend the Twill AuthServiceProvider and used the already defined methods to achieve the same purpose

<?php

namespace App\Providers;

use App\Models\Enums\UserRole;
use A17\Twill\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->define('list', function ($user, $item = null) {
            return $this->authorize($user, function ($user) {
                return $this->userHasRole($user, [
                    ...
                    UserRole::VIEWER,
                ]);
            });
        });
    }
}