Access Control Model
How Permissions Work
Permission Checking
When a user tries to access a feature, PteroCA checks if they have the required permission:
1. User requests access to a feature (e.g., clicks the "Users" menu item)
2. System retrieves the user's roles from the database
3. System collects all permissions from all assigned roles
4. System checks if any permission matches what's required
5. Access is granted or denied based on the check
Menu Visibility
The admin menu automatically adapts to show only items the user can access:
Menu items are hidden if the user lacks the required permission
Submenus use OR-logic: A submenu is visible if the user has ANY child permission
Example: the "Shop" submenu appears if the user has access_categories OR access_products
Empty submenus are hidden completely
This provides a clean interface showing only relevant options.
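The permission check and the menu OR-logic described above, as an added stand-alone model (not PteroCA's own code); the role names, permission names and menu tree are constructed for illustration. The same has_permission check is what a controller-level guard would run, so hiding a menu item never substitutes for it.

```python
# Added model of the documented access-control flow: a user's effective
# permissions are the union over all assigned roles, a feature is allowed if
# any required permission is held, and a submenu is shown only if at least
# one child item is visible (OR-logic). Not PteroCA code; sample data is constructed.
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample data: role name -> permissions granted by that role.
ROLES = {
    "support": {"access_users"},
    "shop_manager": {"access_products"},
    "admin": {"access_users", "access_categories", "access_products", "access_settings"},
}


def effective_permissions(user_roles, roles=ROLES):
    """Steps 2-3: collect every permission from every role assigned to the user."""
    perms = set()
    for role in user_roles:
        perms |= roles.get(role, set())  # an unknown role grants nothing
    return perms


def has_permission(user_roles, required, roles=ROLES):
    """Steps 4-5: grant access if any of the required permissions is held."""
    return bool(effective_permissions(user_roles, roles) & set(required))


@dataclass
class MenuItem:
    label: str
    permission: Optional[str] = None          # None: no permission needed
    children: List["MenuItem"] = field(default_factory=list)


def visible_menu(items, perms):
    """Hide items lacking permission; hide submenus whose children are all hidden."""
    result = []
    for item in items:
        if item.children:
            kids = visible_menu(item.children, perms)
            if kids:  # OR-logic: any visible child keeps the submenu
                result.append(MenuItem(item.label, item.permission, kids))
        elif item.permission is None or item.permission in perms:
            result.append(item)
    return result


ADMIN_MENU = [
    MenuItem("Users", "access_users"),
    MenuItem("Shop", children=[MenuItem("Categories", "access_categories"),
                               MenuItem("Products", "access_products")]),
    MenuItem("Settings", "access_settings"),
]


def visible_labels(user_roles):
    """Top-level menu labels a user with these roles can see."""
    return [i.label for i in visible_menu(ADMIN_MENU, effective_permissions(user_roles))]
```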
Multi-layer Security
Permissions are enforced at multiple levels:
Menu Level: Items hidden if user lacks permission
Controller Level: Access denied even if user knows the URL
Service Level: Business logic validates permissions
Database Level: Foreign key constraints prevent unauthorized data changes
Related Documentation
Roles & Permissions Guide - Practical guide for creating and managing roles
Access Control Overview - Introduction to the access control system
Core Configuration - System settings (requires appropriate permissions)