1
onokazu
Adding the group permission feature to your module
  • 2003/9/19 5:18

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


Adding the group permission feature to your module

Requirements

XOOPS 2.0.4

or

XOOPS 2.0.x plus the following files:
/class/xoopsform/grouppermform.php
/modules/system/admin/groupperm.php
/include/functions.php included in 2.0.4


Admin side

Adding Permissions

Some initial settings
include '../../../include/cp_header.php';
include_once 
XOOPS_ROOT_PATH.'/class/xoopsform/grouppermform.php';
$module_id $xoopsModule->getVar('mid');


A list of items that we will be setting permissions to.
In most cases, this should be retrieved from DB. We use a static array here just for exemplification.
$item_list = array('1' => 'Category 1''2' => 'Category 2''3' => 'Category 3');


The title of the group permission form
$title_of_form 'Permission form for my module';


The name of permission which should be unique within the module
$perm_name 'Category Permission';


A short description of this permission
$perm_desc 'Select categories that each group is allowed to view';


Create and display the form
$form = new XoopsGroupPermForm($title_of_form$module_id$perm_name$perm_desc);
foreach (
$item_list as $item_id => $item_name) {
    
$form->addItem($item_id$item_name);
}
echo 
$form->render();


This will then display a form like below:

Resized Image

Permission settings submitted via the form will be stored in DB automatically by /modules/system/admin/groupperm.php.


Deleting Permissions

One final thing you need to do: whenever you delete an item from your module (e.g. delete a category, delete a topic), you need to delete all group permissions for this item.

You can do so with this function call:

xoops_groupperm_deletebymoditem ($module_id, $perm_name, $item_id);

$module_id -- Module ID (required)
$perm_name -- Name of permission (optional)
$item_id -- ID of a deleted item (optional)



User Side

Suppose that a user requests the contents of a category via the HTTP GET method. The variable $_GET['category_id'] will be used to identify the requested category.

Specify the permission we are going to check for. This must be one of the permission names created on the admin side.
$perm_name 'Category Permission';


The unique id of an item to check permissions for.
$perm_itemid intval($_GET['category_id']);


Get group ids that the current user belongs to.
if ($xoopsUser) {
    
$groups $xoopsUser->getGroups();
} else {
    
$groups XOOPS_GROUP_ANONYMOUS;
}


Get the current module ID.
$module_id $xoopsModule->getVar('mid');


Get the group permission handler.
$gperm_handler =& xoops_gethandler('groupperm');


Now check if the current user has access to the category by calling the checkRight() method of the handler class.
if ($gperm_handler->checkRight($perm_name$perm_itemid$groups$module_id)) {

    
// allowed, so display contents within the category

} else {

    
// not allowed, display an error message or redirect to another page

}




Advanced Topic

If the items that need to check permissions for have a parent-child tree structure, a parent ID for each of the items must be supplied as the 3rd parameter of the XoopsGroupForm::addItem() method.
By doing so the XoopsGroupForm class will generate a form with each items displayed in a tree view. It also ensures that a permission to an item is not added without giving the same permission to all of the parent items for that item.

Suppose that our categories have the following tree structure:

Category 1 (ID: 1)
--- Category 2 (ID: 2)
------ Category 3 (ID: 3)
------ Category 4 (ID: 4)
--------- Category 6 (ID: 6)
--- Category 5 (ID: 5)
------ Category 8 (ID: 8)
Category 7 (ID: 7)
--- Category 9 (ID: 9)
------ Category 14 (ID: 14)
Category 10 (ID: 10)
--- Category 11 (ID: 11)
--- Category 13 (ID: 13)
Category 12 (ID: 12)

The category structure above can be represented with an array as below:
$categories[1] = array('name' => 'Category 1''parent' => 0);
$categories[2] = array('name' => 'Category 2''parent' => 1);
$categories[3] = array('name' => 'Category 3''parent' => 2);
$categories[4] = array('name' => 'Category 4''parent' => 2);
$categories[5] = array('name' => 'Category 5''parent' => 1);
$categories[6] = array('name' => 'Category 6''parent' => 4);
$categories[7] = array('name' => 'Category 7''parent' => 0);
$categories[8] = array('name' => 'Category 8''parent' => 5);
$categories[9] = array('name' => 'Category 9''parent' => 7);
$categories[10] = array('name' => 'Category 10''parent' => 0);
$categories[11] = array('name' => 'Category 11''parent' => 10);
$categories[12] = array('name' => 'Category 12''parent' => 0);
$categories[13] = array('name' => 'Category 13''parent' => 10);
$categories[14] = array('name' => 'Category 14''parent' => 9);


When we add an item entry to the group permission form, we must supply its parent ID as the 3rd parameter
foreach ($categories as $cat_id => $cat_data)
{
    
$form->addItem($cat_id$cat_data['name'], $cat_data['parent']);
}


This will then generate a form like below:

Resized Image

When the form is submitted, the submitted data will be validated so that a permission to an item is not granted without giving the same permission to all the parent items of that item. The validation is done in both the client side (javascript) and the server side (php). Therefore on the user side of the module, there is no need to check permission for all the parent items of a requested item, but only for that requested item.


2
GIJOE
Re: Adding the group permission feature to your module
  • 2003/9/19 6:51

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


This feature is very useful for module developpers.
Thanks!

3
pemen
Re: Adding the group permission feature to your module
  • 2003/9/19 8:31

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


Excellent. Very Excellent

I asked for this functionnality few months ago.

Quote:

Extended Permission system
Hi,
For the moment the permission system is only for user/groups modules and blocs.
I think i would be a good idea to add a generic permission system or (ACL) to work with anything.
For example, actually i develop a module in XOOPS 2. There is the XOOPS base permission system to affect blocs/modules to a user or a group. But in my module I need to have a fine permission to access data in the module. For example in a screen I would like to hide a value for a use and show it for another.
So, I integrate my own acl function in addition with the XOOPS permission. My acl is based on the user actually connected so I think a genric ACL system in the XOOPS Core would be very good.
You can see a good implementation of a generic ACL here :
http://phpgacl.sourceforge.net/


Very pleased that this functionnality was add to XOOPS.

4
onokazu
Re: Adding the group permission feature to your module
  • 2003/9/19 9:46

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


The same doc can be found here at wiki.xoops.org

5
onokazu
Re: Adding the group permission feature to your module
  • 2003/9/19 9:55

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


I've just noticed that the length of a permission name can not exceed 50 characters.

6
lubdub
Re: Adding the group permission feature to your module
  • 2003/9/21 16:34

  • lubdub

  • Just popping in

  • Posts: 64

  • Since: 2002/2/28


Excellent feature, and very clear explanations, what could we ask more?

(oh, maybe my holy grail? Do you plan to use it for newbb? Ooooh, yeah group permissions for forums!! Pleaaaaaase )

7
Catzwolf
Re: Adding the group permission feature to your module
  • 2003/9/21 16:46

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Quote:

lubdub wrote:
Excellent feature, and very clear explanations, what could we ask more?

(oh, maybe my holy grail? Do you plan to use it for newbb? Ooooh, yeah group permissions for forums!! Pleaaaaaase )


We plan to use this for most modules and as you may well know, we plan to totally upgrade newbb in the future.

8
emmanuel
Re: Adding the group permission feature to your module
  • 2003/9/23 14:27

  • emmanuel

  • Just popping in

  • Posts: 2

  • Since: 2003/9/23


excelent feature..

but I have a question:
members of administrator group have always all permissions?
I've added the group permission feature to my module, and if I desactive(for testing purposes) one permission for me (administrator) in the control panel, CheckRight() still returns true in the user side...
But it seem that everything is working fine for the others groups...
any clue?

thanks

9
onokazu
Re: Adding the group permission feature to your module
  • 2003/9/23 16:56

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


Yes, members of the webmasters group have access to any area within your site, just like a root user.

10
archie
Re: Adding the group permission feature to your module
  • 2003/10/10 16:35

  • archie

  • Just popping in

  • Posts: 2

  • Since: 2003/10/10


Hello, I am new to xoops. Would like to know were I would add this for the permissions on the downloads. Not sure which file I would edit to do this.

Thanks in advance

Login

Who's Online

452 user(s) are online (331 user(s) are browsing Support Forums)


Members: 0


Guests: 452


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits