Groups and Permissions

Defining groups

By default, Grav does not provide any group. You need to define them.

Groups are defined in the user/config/groups.yaml file. If that file does not exist yet, create it.

Here’s an example of a user groups definition:

 1registered:
 2  icon: users
 3  readableName: 'Registered Users'
 4  description: 'The group of registered users'
 5  access:
 6    site:
 7      login: true
 8paid:
 9  readableName: 'Paid Members'
10  description: 'The group of paid members'
11  icon: money
12  access:
13    site:
14      login: true
15      paid: true
16administrators:
17  groupname: administrators
18  readableName: Administrators
19  description: 'The group of administrators'
20  icon: child
21  access:
22    admin:
23      login: true
24    site:
25      login: true

Here we define 3 groups.

Assigning a user to a group

Every user can be assigned to a group.

Simply add

 1groups:
 2  - paid

to a user’s yaml file under user/accounts.

You can add multiple groups:

 1groups:
 2  - administrators
 3  - another-group

You can also edit a user’s group information through the Admin Plugin.

Permissions

Users assigned to a group inherit the group permissions. You can for example define a group that has permission site.paid by adding:

 1access:
 2  site:
 3    paid: true

to the group definition in user/config/groups.yaml.

When a user is assigned to that group, it will inherit the site.paid: true permission.

When a user belongs to multiple groups, it's enough that a group provides a permission, and it will be added to the user's permissions.

Fine-tuning permissions on a user level

You can fine-tune the permissions on a user level too, as usual. With groups, you can define a global permission and deny it on a user level, by adding

 1access:
 2  site:
 3    paid: false

to a user’s yaml file.