Introduction
As businesses grow, user access management is vital. You need to add custom permissions.
This helps for different roles and tasks. Not every CRM user should have access to every feature.
Sales reps, managers, support agents, and admins need different access levels. This depends on their roles.
Krayin CRM solves this problem with its built-in Access Control List (ACL) system.
The ACL framework helps developers. They can add custom permissions with ease. It’s clear and scalable.
It also lets admins control feature access. They can do this without changing the app code.
When you build custom modules for Krayin CRM, use ACL. This ensures your package matches the security standards of the built-in CRM features.
In this article, we’ll see how Krayin’s ACL system works. We’ll learn how to add custom permissions to your package module, too.
What is ACL in Krayin CRM?
ACL stands for Access Control List.
Krayin CRM has a built-in authorization system. It controls access to different parts of the app.
ACL gives a central way to define permissions. This helps avoid hardcoding checks in the application.
The permission flow looks like this:
This structure makes permission management easier as your CRM grows.
Why Add Custom Permissions to Krayin CRM Modules?
Many developers add basic authorization checks at the start. They do this early in their projects.
For example:
if ($user->isAdmin()) {
// Allow access
}
While this works for small applications, it becomes difficult to maintain over time.
Krayin’s ACL system provides a more scalable solution.
Centralized Permission Management
Administrators can manage permissions through the CRM interface.
You do not need to make any code changes when updating role access.
Better Security
Permissions can be enforced across:
- Controllers
- Menus
- Blade Views
- APIs
- DataGrids
Consistent User Experience
Custom modules behave exactly like native Krayin modules.
Users only see the features they are authorized to access.
Easier Maintenance
You can change permissions without altering the business logic.
This reduces long-term maintenance effort.
Example: How to Add Custom Permissions for a Project Module
Suppose you’re developing a Project Management module.
Make separate permissions. Don’t give complete access.
Projects ├── View Projects ├── Create Projects ├── Edit Projects └── Delete Projects
This provides administrators with fine-grained control over user access.
Different roles can receive different capabilities.
Creating ACL Configuration
The first step is defining permissions within your package.
Create the following file:
packages/Webkul/Projects/src/Config/acl.php
Example configuration:
<?php
return [
[
'key' => 'projects',
'name' => 'Projects',
'route' => 'admin.projects.index',
'sort' => 1,
'children' => [
[
'key' => 'projects.view',
'name' => 'View Projects',
'route' => 'admin.projects.index',
],
[
'key' => 'projects.create',
'name' => 'Create Projects',
'route' => 'admin.projects.create',
],
[
'key' => 'projects.edit',
'name' => 'Edit Projects',
'route' => 'admin.projects.edit',
],
[
'key' => 'projects.delete',
'name' => 'Delete Projects',
'route' => 'admin.projects.delete',
],
],
],
];
This configuration creates a parent permission and four child permissions.
You can assign each permission independently.
Registering ACL Settings to Add Custom Permissions
First, define the permissions. Then, register the ACL file in your package service provider.
public function register(): void
{
$this->mergeConfigFrom(
dirname(__DIR__) . '/Config/acl.php',
'acl'
);
}
This code loads and registers the custom ACL permissions from the acl.php file.
Next, clear the application cache:
php artisan optimize:clear
This command clears cached configuration and loads the new permissions.
Your permissions will now appear under:
Settings > Roles
Administrators can assign permissions through the CRM interface.
Conclusion
Krayin CRM’s ACL system offers a strong base for securing custom modules.
It helps developers set up authorization in a clear and scalable way.
Administrators gain complete control over feature access.
Users receive a consistent experience throughout the CRM.
If you’re making a Project Management module, Help Desk solution, WhatsApp Integration, or Customer Portal, ACL should be part of your implementation strategy.
Krayin’s ACL framework helps you build secure and scalable modules. These modules are ready for enterprise use and integrate seamlessly with the Krayin CRM ecosystem.