Permissions
For security, Rapid Apps should be locked down so that each app is usable only by users who have permission to use it. Each user has a list of permissions that dictates which services they can access.
Permissions are enforced on the backend. Every PHP script for a particular app should check that the requesting user has the correct permission to access it. Rapid Apps provides a method to help with this.
Admins are the only users who can edit permissions. Admins also have access to all other apps, regardless of whether they have the relevant permission for the specific app.
Checking a user has a permission
Permissions can be checked using the must_have_permission() method from the /backend/helpers/helpers.php file.
Note: You must first import the PHP file `/backend/helpers/helpers.php`.
must_have_permission("my-app"); // Responds with 403 unless the user has the "my-app" permission or is an admin
must_have_permission("admin"); // Only allows admin users
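
Because the check has to be present in every backend script, a CI lint can flag scripts that omit it, check a different permission, or read request data before calling it. The following is an added example in Python, not part of Rapid Apps; the file names, sample sources and finding labels are constructed, and it assumes every file passed in is a request-facing script of a single app.

```python
import re

# must_have_permission("name") with either quote style
CALL_RE = re.compile(r"""\bmust_have_permission\s*\(\s*(["'])([^"']+)\1\s*\)""")
# PHP comments; (?<!:) keeps the "//" in URLs such as php://input
COMMENT_RE = re.compile(r"/\*.*?\*/|(?<!:)//[^\n]*|#[^\n]*", re.S)
# Places where a script starts reading request data
INPUT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|FILES|COOKIE)\b|php://input")


def audit_script(src, app):
    """Return finding labels (constructed names) for one PHP script."""
    code = COMMENT_RE.sub("", src)  # a commented-out check does not count
    calls = list(CALL_RE.finditer(code))
    if not calls:
        return ["missing-check"]
    findings = []
    # The script must check its own app's permission, or the stricter "admin"
    if not {m.group(2) for m in calls} & {app, "admin"}:
        findings.append("wrong-permission")
    first_input = INPUT_RE.search(code)
    if first_input and first_input.start() < calls[0].start():
        findings.append("input-before-check")
    return findings


def audit_app(sources, app):
    """Map path -> findings for every script that has at least one finding."""
    report = {}
    for path, src in sorted(sources.items()):
        findings = audit_script(src, app)
        if findings:
            report[path] = findings
    return report


# Constructed sample scripts for an app whose permission is "my-app"
SAMPLES = {
    "list.php": '<?php\nmust_have_permission("my-app");\nload_items((int) $_GET["page"]);\n',
    "delete.php": '<?php\n// must_have_permission("my-app");\ndelete_item($_POST["id"]);\n',
    "export.php": '<?php\n$id = $_GET["id"];\nmust_have_permission("my-app");\n',
    "settings.php": '<?php\nmust_have_permission("other-app");\n',
    "users.php": '<?php\nmust_have_permission("admin");\n',
}

if __name__ == "__main__":
    for path, findings in audit_app(SAMPLES, "my-app").items():
        print(f"{path}: {', '.join(findings)}")
```

The lint is deliberately conservative: a permission name passed as a variable, or a `#` or `//` inside a string literal, can produce a finding that needs manual review.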