Screencast #06 - Users and Permissions

Users and Permissions

Pagekit comes with a powerful user system that you can use in a flexible way. In this post, we will give you a quick overview of everything you need to know.

You can enable public user registration or create accounts from the admin interface. Either way, it is important to understand the concepts of permissions and roles. As a developer, you can also work with user accounts inside the code of your extension.

Core concepts

Permissions define which actions a user can perform. A permission is identified by a unique string, for example "user: access admin area". This permission is defined by the user module. Only users with this permission are able to log in to the admin area.

Roles group together several user accounts. All users with the same role share the same permissions. Roles are also used to manage access to elements of your site’s content. Pagekit comes with default roles and allows you to add your own.

Show content to specific role only

Roles can be used for several tasks. For example, create special content that is only accessible by selected users.

  1. In Users > Roles, create a new role called "Premium". Don’t assign any permissions to this role.
  2. In Users > List, click a user account to edit their profile and enable the "Premium" role. Save your changes.
  3. On every page in the Site area, you see a Restrict access section in the sidebar. Make sure to select the "Premium" role and nothing else.

This item will now be visible only to logged-in users with the "Premium" role.

Note that administrator accounts cannot see this content by default. Add the admin user to the "Premium" role or enable "Administrator" in the Restrict access settings.

Register permissions from a module definition

To add a new permission, use the permissions keyword in the index.php of an extension. You can then assign this permission to roles from the admin area.

'permissions' => [
    'hello: manage settings' => [
        'title' => _('Manage settings')
    ],
],

Check permissions from a controller action

To check permissions in a Pagekit extension, you have several possibilities.

The following examples assume that the Pagekit Application is available. Make sure to add this to the top of your controller class file.

use Pagekit\Application as App;

Fetch the user that is currently logged in. If no user is logged in, this will return a user object that belongs to the Anonymous Role.

$user = App::user();

Check the access of a user. This returns true when the user has the permission assigned to one of its roles, or when the user is an administrator.

if(!$user->hasAccess("hello: manage settings")) {
    return "Nope";
}

Alternatively, use the @Access annotation above a controller class or method.

/**
 * @Access("hello: manage settings")
 */
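
The two checks above combined in one controller, as an added example that is not part of the original post or Pagekit's own code. The namespace, class and action names are hypothetical, and it assumes App::abort() is used to raise the HTTP error, so a denied request gets a 403 status instead of a normal response whose body is "Nope".

```php
<?php

namespace Acme\Hello\Controller; // hypothetical extension namespace

use Pagekit\Application as App;

class HelloController
{
    /**
     * All-or-nothing action: the annotation rejects the request
     * before the method body runs.
     *
     * @Access("hello: manage settings")
     */
    public function saveAction()
    {
        // ... persist settings here ...
        return ['message' => 'success'];
    }

    /**
     * Public action whose output only varies with the permission.
     * An annotation would block anonymous visitors entirely, so the
     * check is done in code instead.
     */
    public function indexAction()
    {
        // Anonymous user object when nobody is logged in, never null.
        $user = App::user();

        return [
            'greeting'  => 'Hello',
            // true for administrators and for roles holding the permission
            'canManage' => $user->hasAccess('hello: manage settings'),
        ];
    }

    /**
     * In-code check for a protected action: fail with an HTTP error
     * rather than returning a string with a success status.
     */
    public function exportAction()
    {
        if (!App::user()->hasAccess('hello: manage settings')) {
            App::abort(403, 'Insufficient permissions.');
        }

        return ['settings' => []]; // constructed placeholder payload
    }
}
```

Prefer the annotation when the whole action is restricted, and put it on the class when every action needs the same permission, so an action added later is covered without a separate check.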

Documentation

Find more details and examples in the Pagekit documentation on users and permissions.

Comments and Feedback

We have covered this topic because some of you have requested it. Thanks for that, please keep the input coming. Post remaining questions and future wishes in the comments below or join us in our developer chat.

Here is a short list of all existing screencasts:

Posted by Florian