Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

AHMADJAN-New/nazim-permissions

Name: nazim-permissions
Author: AHMADJAN-New

.cursor/skills/nazim-permissions/SKILL.md

npx skillsauth add AHMADJAN-New/nazim-web nazim-permissions

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Nazim Permissions

The app uses Spatie Laravel Permission with organization scoping. Use permission checks only — not profiles.role or role-based fallbacks.

Permission Name Format

Pattern: {resource}.{action} — no prefixes
Correct: classes.read, subjects.create, timetables.read, schedule_slots.update, exams.read
Wrong: academic.classes.read, academic.subjects.create
Resource: Matches resource name (e.g. resource='classes' for name='classes.read')

Frontend

useUserPermissions

Query permissions via Laravel API; backend returns roles + direct permissions
Enabled: !!profile?.organization_id && !orgsLoading — use organization_id, NOT role
Query key: ['user-permissions', profile?.organization_id, profile?.default_school_id ?? null, profile?.id, orgIds.join(',')]
profiles.role is deprecated; roles come from Spatie model_has_roles
Both hooks are in @/hooks/usePermissions (useUserPermissions, useHasPermission)

useHasPermission

Use for menu and feature visibility:

const hasBuildingsPermission = useHasPermission('buildings.read');
// Only show if user has permission
...(hasBuildingsPermission ? [{ title: "Buildings Management", url: "/settings/buildings", icon: Building2 }] : []),

Navigation Rules

Permission-only: Use useHasPermission('resource.action') for all visibility
No role fallbacks: Remove isSuperAdmin || role === 'admin' checks
Hide empty menus: Hide parent if no children are visible
Show parent if any child visible: Show menu if at least one child has permission

Backend

Check with $user->hasPermissionTo('resource.action'); organization context is set by EnsureOrganizationAccess middleware (setPermissionsTeamId).
Create global permissions with organization_id = NULL; organization-specific with organization_id = UUID.
Assign to roles via role_has_permissions; per-user overrides via model_has_permissions (Spatie checks direct first, then role).

Checklist

[ ] Permission names use resource.action (no prefix)
[ ] Menu visibility uses useHasPermission(), not role
[ ] useUserPermissions enabled by organization_id, not role
[ ] Backend uses hasPermissionTo('resource.action')

Additional Resources

Permission assignment SQL and common permission names: reference.md

AHMADJAN-New/nazim-permissions

.cursor/skills/nazim-permissions/SKILL.md

Spatie permission patterns for Nazim main app. Use when adding permissions, menu visibility, or backend permission checks. Covers permission name format, useHasPermission, useUserPermissions, no role fallbacks.

development

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add AHMADJAN-New/nazim-web nazim-permissions

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 16, 2026, 10:49 PM4.3s2 files scanned

SKILL.md

name:: nazim-permissions
description:: Spatie permission patterns for Nazim main app. Use when adding permissions, menu visibility, or backend permission checks. Covers permission name format, useHasPermission, useUserPermissions, no role fallbacks.

Nazim Permissions

The app uses Spatie Laravel Permission with organization scoping. Use permission checks only — not profiles.role or role-based fallbacks.

Permission Name Format

Pattern: {resource}.{action} — no prefixes
Correct: classes.read, subjects.create, timetables.read, schedule_slots.update, exams.read
Wrong: academic.classes.read, academic.subjects.create
Resource: Matches resource name (e.g. resource='classes' for name='classes.read')

Frontend

useUserPermissions

Query permissions via Laravel API; backend returns roles + direct permissions
Enabled: !!profile?.organization_id && !orgsLoading — use organization_id, NOT role
Query key: ['user-permissions', profile?.organization_id, profile?.default_school_id ?? null, profile?.id, orgIds.join(',')]
profiles.role is deprecated; roles come from Spatie model_has_roles
Both hooks are in @/hooks/usePermissions (useUserPermissions, useHasPermission)

useHasPermission

Use for menu and feature visibility:

const hasBuildingsPermission = useHasPermission('buildings.read');
// Only show if user has permission
...(hasBuildingsPermission ? [{ title: "Buildings Management", url: "/settings/buildings", icon: Building2 }] : []),

Navigation Rules

Permission-only: Use useHasPermission('resource.action') for all visibility
No role fallbacks: Remove isSuperAdmin || role === 'admin' checks
Hide empty menus: Hide parent if no children are visible
Show parent if any child visible: Show menu if at least one child has permission

Backend

Check with $user->hasPermissionTo('resource.action'); organization context is set by EnsureOrganizationAccess middleware (setPermissionsTeamId).
Create global permissions with organization_id = NULL; organization-specific with organization_id = UUID.
Assign to roles via role_has_permissions; per-user overrides via model_has_permissions (Spatie checks direct first, then role).

Checklist

[ ] Permission names use resource.action (no prefix)
[ ] Menu visibility uses useHasPermission(), not role
[ ] useUserPermissions enabled by organization_id, not role
[ ] Backend uses hasPermissionTo('resource.action')

Additional Resources

Permission assignment SQL and common permission names: reference.md

Related Skills

AHMADJAN-New/nazim-toast

tools

VerifiedTrustedCommunity

Toast notifications for Nazim. Use when showing success/error/info messages. ALWAYS use showToast from @/lib/toast with translation keys; never toast from sonner directly. RTL positioning is automatic.

SKILL.mdUpdated Apr 16, 2026

AHMADJAN-New/nazim-toast

AHMADJAN-New/nazim-status-badges

tools

VerifiedTrustedCommunity

Enforces status badge patterns for Nazim UI. Use when displaying status in tables, cards, or dialogs. Covers Badge variants, semantic colors, statusBadgeVariant, statusOptions with color.

SKILL.mdUpdated Apr 16, 2026

AHMADJAN-New/nazim-status-badges

AHMADJAN-New/nazim-responsive

development

VerifiedTrustedCommunity

Enforces mobile-first responsive patterns for Nazim UI. Use when building pages, tables, forms, charts, or buttons. Covers page container, FilterPanel, tabs, grids, tables, charts, cards, buttons.

SKILL.mdUpdated Apr 16, 2026

AHMADJAN-New/nazim-responsive

AHMADJAN-New/nazim-reports

development

VerifiedTrustedCommunity

PDF and Excel report generation for Nazim. Use when adding or changing reports. Backend uses ReportService and ReportConfig; frontend uses useServerReport. Covers branding, DateConversionService, RTL, acceptance criteria.

SKILL.mdUpdated Apr 16, 2026

AHMADJAN-New/nazim-reports

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/AHMADJAN-New/nazim-web.git

# Copy into Claude Code skills folder (global)
cp -r nazim-web/.cursor/skills/nazim-permissions ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

AHMADJAN-New/nazim-web

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT