Kekatu comes with advanced roles and permissions mechanism which allows you to easily manage your available roles and permissions via Web UI. System is created to allow users to have only one role, and to allow different permissions for each role.
On roles section of the website administrators (or other users with appropriate permissions) can see and manage available system roles, as well as add unlimited number of new roles. Page with default system roles (Employee, Members and None) is provided below.
Also, if administrator is interested for activity log of particular user, simply by clicking on user's name he can view the entire log for that specific user.
As it was already mentioned, users with appropriate permissions can add unlimited number of roles, and use them to customise the application. More on that can be found in working with permissions section.
Form for adding new role, and editing existing roles, is provided below.
Permissions represent some concrete actions that specific role can perform. For example, one of default permissions is users.manage, and every user with role which has this permission can manage system users.
This means that, for example, you can create new system role called Staff, and allow staff to only edit system users, without them being able to update system settings etc.
Note: Default system permissions cannot be deleted. Custom created permissions can be deleted without any problem.
List of available permissions, including available system roles and their permissions, is provided below.
If we want, for example, to allow system users with role User to be able to View System Activity Log, all we have to do is to check the corresponding checkbox for that role, and click Save Permissions button at the bottom of the page. After that all users will be able to see Activity Log in sidebar menu as well as to access the activity log for all system users.
Kekatu support unlimited number of permissions, and they can be added via form provided below.
Permission name is used as key/constant inside the source code to check if user has permissions to perform some action (more on that inside custom registration form example), and display name is used inside the UI, to better explain what the permission is used for.