• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Admin Permissions

Mythotical

Well-known member
#1
I'll come right out and ask specifically about Admin Permissions.

I'm having a huge issue with getting mine to work. I'm sure it is due to me being a Super Admin but I'm trying to figure out why the following codes won't work.

PHP:
$canManage = $visitor->hasAdminPermission('xfpoints_manage_points');
PHP:
$canManage = $visitor->hasAdminPermission('xfPoints', 'xfpoints_manage_points');
I have double checked the permission group ID and permission ID.

Trying to use it in admin templates and I really hope it is because I'm a Super Admin, which I'm going to test now.
 

xf_phantom

Well-known member
#2
1. your second code can't work, look at the arguments....
2. why not just open the method to see what it's doing.....

PHP:
  /**
    * Determines if the current user has the specified admin permission.
    *
    * @param string $permissionId
    *
    * @return boolean
    */
   public function hasAdminPermission($permissionId)
   {
     if (empty($this->_user['user_id']) || empty($this->_user['is_admin']))
     {
       return false;
     }

     if ($this->isSuperAdmin())
     {
       return true;
     }

     if (!is_array($this->_adminPermissions))
     {
       $this->_adminPermissions = XenForo_Model::create('XenForo_Model_Admin')->getAdminPermissionCacheForUser(
         $this->_user['user_id']
       );
     }
     return !empty($this->_adminPermissions[$permissionId]);
   }
 

Mythotical

Well-known member
#3
Because I have been down that road. The problem is neither are working and I added these options but no method to keep users from bypassing by just entering the address directly.
 

Bob

Well-known member
#7
I just add preDispatch checks in my Admin Controllers.

PHP:
    protected function _preDispatch($action)
    {
        $this->assertAdminPermission('manageAddonName');
    }
 

Mythotical

Well-known member
#8
I have the preDispatch but never understood it but I think I do.

Can I do this?
PHP:
protected function _preDispatch($action)
{
  $this->assertAdminPermission('xfpoints_manage_points');
  $this->assertAdminPermission('xfpoints_gift_points');
}