Authorization
By default, all visualizations (DataGrids, Charts, etc.) are publicly accessible. To restrict access, you can use the HasVisualizationPermissions trait from the settleup/visualizations package. This trait provides a getPermissionName() method that automatically generates a permission name from your class name and passes it to Laravel's Gate::authorize() method.
Usage
Add the HasVisualizationPermissions trait to any DataGrid or Chart class that requires authorization.
DataGrid Example
use SettleUp\Visualizations\DataGrids\Abstracts\DataGrid;
use SettleUp\Visualizations\Traits\HasVisualizationPermissions;
class UserDataGrid extends DataGrid
{
use HasVisualizationPermissions;
// ...
}The generated permission name for this class would be user_data_grid.
Chart Example
use SettleUp\Visualizations\Charts\Abstracts\Chart;
use SettleUp\Visualizations\Traits\HasVisualizationPermissions;
class RevenueChart extends Chart
{
use HasVisualizationPermissions;
// ...
}The generated permission name for this class would be revenue_chart.
How It Works
The HasVisualizationPermissions trait generates the permission name by converting the class basename to snake_case. For example:
| Class Name | Permission Name |
|---|---|
UserDataGrid | user_data_grid |
RevenueChart | revenue_chart |
OrderDataGrid | order_data_grid |
SalesChart | sales_chart |
When a visualization with this trait is accessed, the generated permission name is passed to Laravel's Gate::authorize(). You can define the corresponding gate or policy in your application as you normally would with Laravel's authorization system.
Custom Permission Names
You don't have to use the HasVisualizationPermissions trait. You can define the getPermissionName() method directly on your class to return any permission name you'd like:
use SettleUp\Visualizations\DataGrids\Abstracts\DataGrid;
class UserDataGrid extends DataGrid
{
public function getPermissionName(): string
{
return 'view-users';
}
// ...
}This gives you full control over the permission name used for authorization, which can be useful when you need to match an existing permission scheme or want a more descriptive name.