Adding the group permission feature to your moduleRequirementsXOOPS 2.0.4
or
XOOPS 2.0.x plus the following files:
/class/xoopsform/grouppermform.php
/modules/system/admin/groupperm.php
/include/functions.php included in 2.0.4
Admin sideAdding PermissionsSome initial settings
include '../../../include/cp_header.php';
include_once XOOPS_ROOT_PATH.'/class/xoopsform/grouppermform.php';
$module_id = $xoopsModule->getVar('mid');
A list of items that we will be setting permissions to.
In most cases, this should be retrieved from DB. We use a static array here just for exemplification.
$item_list = array('1' => 'Category 1', '2' => 'Category 2', '3' => 'Category 3');
The title of the group permission form
$title_of_form = 'Permission form for my module';
The name of permission which should be unique within the module
$perm_name = 'Category Permission';
A short description of this permission
$perm_desc = 'Select categories that each group is allowed to view';
Create and display the form
$form = new XoopsGroupPermForm($title_of_form, $module_id, $perm_name, $perm_desc);
foreach ($item_list as $item_id => $item_name) {
$form->addItem($item_id, $item_name);
}
echo $form->render();
This will then display a form like below:
Permission settings submitted via the form will be stored in DB automatically by /modules/system/admin/groupperm.php.
Deleting PermissionsOne final thing you need to do: whenever you delete an item from your module (e.g. delete a category, delete a topic), you need to delete all group permissions for this item.
You can do so with this function call:
xoops_groupperm_deletebymoditem ($module_id, $perm_name, $item_id);
$module_id -- Module ID (required)
$perm_name -- Name of permission (optional)
$item_id -- ID of a deleted item (optional)
User SideSuppose that a user requests the contents of a category via the HTTP GET method. The variable $_GET['category_id'] will be used to identify the requested category.
Specify the permission we are going to check for. This must be one of the permission names created on the admin side.
$perm_name = 'Category Permission';
The unique id of an item to check permissions for.
$perm_itemid = intval($_GET['category_id']);
Get group ids that the current user belongs to.
if ($xoopsUser) {
$groups = $xoopsUser->getGroups();
} else {
$groups = XOOPS_GROUP_ANONYMOUS;
}
Get the current module ID.
$module_id = $xoopsModule->getVar('mid');
Get the group permission handler.
$gperm_handler =& xoops_gethandler('groupperm');
Now check if the current user has access to the category by calling the checkRight() method of the handler class.
if ($gperm_handler->checkRight($perm_name, $perm_itemid, $groups, $module_id)) {
// allowed, so display contents within the category
} else {
// not allowed, display an error message or redirect to another page
}
Advanced TopicIf the items that need to check permissions for have a parent-child tree structure, a parent ID for each of the items must be supplied as the 3rd parameter of the XoopsGroupForm::addItem() method.
By doing so the XoopsGroupForm class will generate a form with each items displayed in a tree view. It also ensures that a permission to an item is not added without giving the same permission to all of the parent items for that item.
Suppose that our categories have the following tree structure:
Category 1 (ID: 1)
--- Category 2 (ID: 2)
------ Category 3 (ID: 3)
------ Category 4 (ID: 4)
--------- Category 6 (ID: 6)
--- Category 5 (ID: 5)
------ Category 8 (ID: 8)
Category 7 (ID: 7)
--- Category 9 (ID: 9)
------ Category 14 (ID: 14)
Category 10 (ID: 10)
--- Category 11 (ID: 11)
--- Category 13 (ID: 13)
Category 12 (ID: 12)
The category structure above can be represented with an array as below:
$categories[1] = array('name' => 'Category 1', 'parent' => 0);
$categories[2] = array('name' => 'Category 2', 'parent' => 1);
$categories[3] = array('name' => 'Category 3', 'parent' => 2);
$categories[4] = array('name' => 'Category 4', 'parent' => 2);
$categories[5] = array('name' => 'Category 5', 'parent' => 1);
$categories[6] = array('name' => 'Category 6', 'parent' => 4);
$categories[7] = array('name' => 'Category 7', 'parent' => 0);
$categories[8] = array('name' => 'Category 8', 'parent' => 5);
$categories[9] = array('name' => 'Category 9', 'parent' => 7);
$categories[10] = array('name' => 'Category 10', 'parent' => 0);
$categories[11] = array('name' => 'Category 11', 'parent' => 10);
$categories[12] = array('name' => 'Category 12', 'parent' => 0);
$categories[13] = array('name' => 'Category 13', 'parent' => 10);
$categories[14] = array('name' => 'Category 14', 'parent' => 9);
When we add an item entry to the group permission form, we must supply its parent ID as the 3rd parameter
foreach ($categories as $cat_id => $cat_data)
{
$form->addItem($cat_id, $cat_data['name'], $cat_data['parent']);
}
This will then generate a form like below:
When the form is submitted, the submitted data will be validated so that a permission to an item is not granted without giving the same permission to all the parent items of that item. The validation is done in both the client side (javascript) and the server side (php). Therefore on the user side of the module, there is no need to check permission for all the parent items of a requested item, but only for that requested item.
