Authorization and authentication usually come together, but they are different. Authentication is the process of verifying who you are, usually in the form of signing in or logging in, while authorization is the process of verifying what you can do in the application. Leaf Auth now comes with a built-in way to manage what users can do in your application using roles and permissions.
Once that's done, you can get started creating your roles and permissions, but first, let's understand how roles and permissions relate to your users.
Leaf's authorization system is strictly role-based, meaning that users can only have roles, while all the permissions you want to grant to users are attached to roles. Users cannot be assigned permissions directly, and those permissions cannot be revoked from users directly. To assign any permission to a user, you must attach that permission to a role and then assign that role to the user.
To create roles and assign permissions to them, you can use the createRoles() method on the Auth class. This method takes an array of roles and their permissions as an argument. Here's an example:
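A small model of the role-only design described above, as an added example rather than Leaf Auth's own code. The RoleModel class and its assign(), unassign() and can() methods are hypothetical stand-ins; createRoles() here only mirrors the array of roles and permissions the text describes, and the roles and user id are constructed sample data.

```php
<?php
declare(strict_types=1);
// Illustrative model only: RoleModel is hypothetical, not a Leaf Auth class.
final class RoleModel
{
    private array $roles = [];      // role name => list of permissions
    private array $userRoles = [];  // user id   => list of role names

    // Takes an array of roles and their permissions, as the text describes.
    public function createRoles(array $roles): void
    {
        foreach ($roles as $role => $permissions) {
            $this->roles[$role] = array_values(array_unique($permissions));
        }
    }
    public function assign(string $userId, string $role): void
    {
        // Reject undefined roles instead of creating them implicitly.
        if (!isset($this->roles[$role])) {
            throw new InvalidArgumentException("Unknown role: $role");
        }
        $this->userRoles[$userId][] = $role;
    }
    // The only way to take a permission away from a user is to remove a role.
    public function unassign(string $userId, string $role): void
    {
        $current = $this->userRoles[$userId] ?? [];
        $this->userRoles[$userId] = array_values(array_diff($current, [$role]));
    }
    // Deny by default: granted only if one of the user's roles carries it.
    public function can(string $userId, string $permission): bool
    {
        foreach ($this->userRoles[$userId] ?? [] as $role) {
            if (in_array($permission, $this->roles[$role] ?? [], true)) {
                return true;
            }
        }
        return false;
    }
}
// Constructed sample data.
$authz = new RoleModel();
$authz->createRoles([
    'admin'  => ['view posts', 'edit posts', 'delete posts'],
    'editor' => ['view posts', 'edit posts'],
]);
$authz->assign('user-1', 'editor');
var_dump($authz->can('user-1', 'edit posts'), $authz->can('user-1', 'delete posts'));
$authz->unassign('user-1', 'editor');
var_dump($authz->can('user-1', 'edit posts'));
```

Because every check resolves through a role, auditing who holds a permission reduces to listing the roles that carry it and the users assigned those roles.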