
6) Permissions and Access Control

Sanwebe edited this page May 29, 2017 · 7 revisions

Permissions are the most important part of Aauth.
In Aauth you can set permissions for a group or for a specific user (new feature in V2).

The permission mechanism works like the one in Linux systems.

  1. Aauth first checks if the user has the permission
  2. If the user doesn't have the permission, it then checks all of the user's groups

create_perm($perm_name, $definition='')

Creates a new permission rule and returns the new permission's id.

get_perm_id($perm_name)

Returns the permission id, or NULL if the permission does not exist.

update_perm($perm_id, $perm_name, $definition=false)

Updates a permission.

delete_perm($perm_id)

Removes a permission. Be careful.

control($perm_par = false)

A special function that checks whether the current user has permission (described below) for the given permission rule to see the page. $perm_par can be the id or the name of the rule. If the user doesn't have permission, it stops the execution of the script and shows a message (which can be changed in the config file). If the user has permission, it updates the user's last activity date-time. If $perm_par is not given, it only checks whether the user is logged in and returns true/false.

I recommend using this function inside every controller's constructor.

For example, to control access of a user for the permission rule with id 5

$this->aauth->control(5)

to control the 'bla' permission

$this->aauth->control('bla')

is_allowed($perm_par, $user_id=false)

Checks if the user is allowed to do the specified action; admin is always allowed. It first checks user permissions, then group permissions. If $user_id is not given, it checks the logged-in user.

Example to check whether the user with id 33 has permission to print_report (returns true or false). Note the argument order: the permission comes first, then the user id.

$this->aauth->is_allowed("print_report", 33);

is_group_allowed($perm_par, $group_par=false)

Checks if a group has permission for the given permission rule.
If group_par is empty, the function checks all groups of the current user, and if one of them has permission, it returns true. Admin is authorized for anything.

to check if the current user has permission for 'new_message'.
This checks all groups of the current user, and if at least one group has permission, it returns true.

$this->aauth->is_group_allowed('new_message')

to check if 'mod' has permission for 'new_message'

$this->aauth->is_group_allowed('new_message', 'mod')

to check if users who are not logged in have permission for the rule with id=4

$this->aauth->is_group_allowed(4, 'public')

to check if group with id=3 has permissions for rule with id=2

$this->aauth->is_group_allowed(2,3)

allow_user($user_id, $perm_par)

Allows a single user to access the given permission rule. perm_par can be the id or the permission name.

to give permission to the user with id 33 for 'comment'

$this->aauth->allow_user(33, 'comment');

or with permission id (23)

$this->aauth->allow_user(33, 23);

deny_user($user_id, $perm_par)

Removes a user from a permission.

allow_group($group_par, $perm_par)

Allows a group (the members of a group) to access the given permission rule. group_par and perm_par can be an id or a name.

to give permission to public for 'comment'

$this->aauth->allow_group('public', 'comment')

to give mods the permission with id=3

$this->aauth->allow_group('mod', 3)

deny_group($group_par, $perm_par)

Denying in Aauth means not having permission. Users are denied as long as permission is not given.

to take back permission (to deny) from public for 'comment'. The group comes first, then the permission, as in allow_group.

$this->aauth->deny_group('public', 'comment')

list_perms()

Returns an object consisting of the list of permissions.

get_perm_id($perm_par)

returns permission id
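
The controller below is an added example, not code from the Aauth project: it combines control() in the constructor, a per-action is_allowed() check, and a guarded allow_user() call. It assumes CodeIgniter 3 with Aauth installed; the permission names 'view_reports' and 'manage_perms', the view name and the POST field names are hypothetical.

```php
<?php
// Added example, not Aauth's own code. Assumes CodeIgniter 3 with Aauth installed.
// 'view_reports', 'manage_perms', the view name and the POST fields are hypothetical.
class Reports extends CI_Controller
{
    // Only these permissions may be handed out through grant().
    const GRANTABLE = ['print_report', 'comment'];

    public function __construct()
    {
        parent::__construct();
        $this->load->library('Aauth');
        // Gate the whole controller: control() stops the script if the
        // current user lacks the permission, so no action runs unchecked.
        $this->aauth->control('view_reports');
    }

    public function print_report()
    {
        // Per-action check. The permission comes first, the user id second;
        // with no user id, the logged-in user is checked.
        if (!$this->aauth->is_allowed('print_report')) {
            show_error('You may not print reports.', 403);
        }
        $this->load->view('reports/print');
    }

    public function grant()
    {
        // Changing permissions is itself a privileged action.
        if (!$this->aauth->is_allowed('manage_perms')) {
            show_error('Forbidden.', 403);
        }
        $user_id = $this->input->post('user_id');
        $perm    = $this->input->post('perm');
        // Accept only a numeric user id and an allowlisted permission name,
        // so request data cannot select an arbitrary rule.
        if (!is_string($user_id) || !ctype_digit($user_id)) {
            show_error('Bad user id.', 400);
        }
        if (!in_array($perm, self::GRANTABLE, true)) {
            show_error('Permission cannot be granted here.', 400);
        }
        // allow_user() takes the user id first, then the permission.
        $this->aauth->allow_user((int) $user_id, $perm);
    }
}
```

Because users are denied until a permission is given, an action that forgets its own check is still covered by the constructor gate, but only at the 'view_reports' level.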