PermissionService
This service provides methods for resolving permissions.
Methods¶
canUser()
¶
Indicates if the current user is allowed to perform an action given by the function on the given objects.
|
|
|
Example: canUser( 'content', 'edit', $content, [$location] ); This will check edit permission on content given the specific location, if skipped if will check on all locations.
Example2: canUser( 'section', 'assign', $content, [$section] ); Check if user has access to assign $content to $section.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| $module | string | - |
The module, aka controller identifier to check permissions on |
| $function | string | - |
The function, aka the controller action to check permissions on |
| $object | ValueObject | - |
The object to check if the user has access to |
| $targets | array<string|int, ValueObject> | [] |
An array of location, parent or "assignment" value objects |
Return values
bool
Tags
getCurrentUserReference()
¶
Get current user reference.
|
|
|
Return values
getPermissionsCriterion()
¶
Get criteria representation for a permission.
|
|
|
Will return a criteria if current user has limited access to the given module/function, however if user has either full or no access then boolean is returned.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| $module | string | 'content' | - |
| $function | string | 'read' | - |
| $targets | array<string|int, mixed>|null | null | - |
Return values
bool|Criterion
getQueryPermissionsCriterion()
¶
Get composite Criterion for Querying permissions.
|
|
|
MatchAll and MatchNone are returned for a user with full and no access respectively.
Return values
hasAccess()
¶
Low level permission function: Returns boolean value, or an array of limitations that user permission depends on.
|
|
|
Note: boolean value describes full access (true) or no access at all (false), array can be seen as a maybe..
WARNING: This is a low level method, if possible strongly prefer to use canUser() as it is able to handle limitations. This includes Role Assignment limitations, but also future policy limitations added in kernel, or as plain user configuration and/or extending the system.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| $module | string | - |
The module, aka controller identifier to check permissions on |
| $function | string | - |
The function, aka the controller action to check permissions on |
| $userReference | UserReference|null | null |
User for which the information is returned, current user will be used if null |
Return values
bool|array<string|int, mixed>
if limitations are on this function an array of limitations is returned
Tags
lookupLimitations()
¶
|
|
|
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| $module | string | - |
The module, aka controller identifier to check permissions on |
| $function | string | - |
The function, aka the controller action to check permissions on |
| $object | ValueObject | - |
The object to check if the user has access to |
| $targets | array<string|int, ValueObject> | [] |
An array of location, parent or "assignment" value objects |
| $limitationsIdentifiers | array<string|int, string> | [] |
An array of Limitations identifiers to filter from all which will pass |
Return values
Tags
setCurrentUserReference()
¶
Sets the current user to the given $user.
|
|
|
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| $userReference | UserReference | - | - |