pessek / hypecapabilities
Roles and capabilities API
Installs: 5
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:elgg-plugin
Requires
- php: >=7.1
- composer/installers: ~1.0
This package is auto-updated.
Last update: 2024-11-29 06:10:54 UTC
README
Capabilities and roles API
Registering a role
\hypeJunction->register('role_name');
Assigning a role to a user
// Site wide role elgg()->roles->assign('role_name', $user); // Group specific role elgg()->roles->assign('role_name', $user, $group);
Remove a role from a user
// Site wide role elgg()->roles->unassign('role_name', $user); // Group specific role elgg()->roles->unassign('role_name', $user, $group);
Configuring role permissions
Creating entities of a specific type
// Prevent users with given role from creating entities of a given type elgg()->roles->role_name->onCreate('object', 'blog', Role::DENY); // Allow users to create entities of a given type regardless of context elgg()->roles->role_name->onCreate('object', 'blog', Role::ALLOW, Role::OVERRIDE); // Allow users to create entities of a given type if all other container permissins are met elgg()->roles->role_name->onCreate('object', 'blog', Role::ALLOW, Role::STACK); // Allow users to create entities when specific conditions are met // Only allow group blogs elgg()->roles->role_name->onCreate('object', 'blog', Role::DENY, function(\hypeJunction\Capabilities\Context $context) { $container = $context->getTarget(); if (!$container instanceof ElggGroup) { return Role::DENY; } });
Update and delete permissions
Similar to above, you can use onUpdate
and onDelete
methods;
Granting administrative permissions
Administrative permissions imply high-level administrative action on entities, e.g. approving a certain post after moderation. By default, core does not use this privilege level, but you can check if the user has admin permissions over an entity like so:
$params = [ 'entity' => $entity, 'user' => $user, ]; if (!elgg_trigger_plugin_hook('permissions_check:administer', "$entity->type:$entity->subtype", $params, false)) { // No permissions to approve throw new EntityPermissionsException(); } // Do something that requires high level permissions, e.g. $entity->published_status = 'published';
Granting/denying admin permissions
// Prevent users with given role from creating entities of a given type // Allow moderator role to administer all blogs regardless of owner/container elgg()->roles->moderator->onAdminister('object', 'blog', Role::ALLOW, Role::OVERRIDE); // Allow users to create entities when specific conditions are met // Allow teacher to administer all group blogs elgg()->roles->teacher->canAdminister('object', 'blog', Role::ALLOW, function(\hypeJunction\Capabilities\Context $context) { $entity = $context->getTarget(); $actor = $context->getActor(); $container = $entity->getContainerEntity(); return $container->canEdit($actor->guid); });
Routes
You can allow/deny access to certain routes by route name
// Context parameter contain matched route elements // e.g. prevent access to user profile if users are not friends elgg()->roles->user->onRouteAccess('view:user', Role::DENY, function(\hypeJunction\Capabilities\Context $context) { $actor = $context->getActor(); $username = $context->getParam('username'); $user = get_user_by_username($username); if (!$actor || !$user instanceof ElggUser || !$actor->isFriendOf($user->guid)) { register_error('You must be friends to access user profiles'); return Role::DENY; } }); // Here is an example of how to prevent access to member pages to non-logged in users: elgg()->roles->guest->onRouteAccess('collection:user:user', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:alpha', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:newest', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:online', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:popular', Role::DENY); elgg()->roles->guest->onRouteAccess('search:user:user', Role::DENY); elgg()->roles->guest->onRouteAccess('view:user', Role::DENY);
Custom (component) capabilities
You can check and alter custom capabilities:
// Check a custom role elgg()->roles->can('read', 'discussions'); // Define how role responds to capability check elgg()->roles->guest->on('read', 'discussions', Role::DENY); // Override role response elgg_register_plugin_hook_handler('capability', 'read:discussions', function(Hook $hook) { });