XF 2.2 Applying default permissions in Setup.php file

[asprin]

My addon has a permission group defined. When the addon is installed, how do I ensure that the "Admintrative/Administrator" get the required permissions by default?

 

[tofia]

As far as I know this is not possible by permission definitions. You could add the permission through the entity manager in your installation class and then rebuild the permissions using the UpdatePermissions service.

 

[nocte]

You have to do this in your Setup.php. You can also use the Standard Library by @Xon to save some writing.

Standard Library by Xon

A number of helper utilities designed to ease add-on development, does not have any direct user-facing changes. See README.md for additional details. Uploaded to the resource manager to aid dependency tracking and allow updating without updating...

xenforo.com

Look at SV\StandardLib\InstallerHelper::applyGlobalPermissionByGroup

 

[tofia]

Something quick (didn't test tho):

public function installStep1337()
{
   $permission = \XF::em()->create('XF:PermissionEntry');
   $permission->set('user_group_id', 3); // 3 for admin
   $permission->set('permission_group_id', 'asppbfoo');
   $permission->set('permission_id', 'manageFoo');
   $permission->set('permission_value', 'allow');
   $permission->set('permission_value_int', 0);
   $permission->save();

   $this->rebuildPermissions();
}

protected function rebuildPermissions()
{
    /** @var \XF\Service\UpdatePermissions $permissionUpdater */
    $permissionUpdater = \XF::service('XF:UpdatePermissions');
    $permissionUpdater->updatePermissions([]);

    /** @var \XF\Repository\PermissionCombination $permComboRepo */
    $permComboRepo = \XF::repository('XF:PermissionCombination');

    $missing = $permComboRepo->insertGuestCombinationIfMissing();
    if ($missing)
    {
        $this->app->jobManager()->enqueueUnique('permissionRebuild', 'XF:PermissionRebuild');
    }

    /** @var \XF\Repository\PermissionEntry $permEntryRepo */
    $permEntryRepo = \XF::repository('XF:PermissionEntry');

    $permEntryRepo->deleteOrphanedGlobalUserPermissionEntries();
    $permEntryRepo->deleteOrphanedContentUserPermissionEntries();

    $permComboRepo->deleteUnusedPermissionCombinations();
}

 

[tofia]

You can also use the Standard Library by @Xon to save some writing.

Well, this seems much easier...

 

[Xon]

Have a look at how postUpgrade/applyDefaultPermissions are implemented in: https://github.com/Xon/XenForo2-Ale...oad/src/addons/SV/AlertImprovements/Setup.php

It is something like the following:

public function installStep3(): void
{
    $this->applyDefaultPermissions(0);
}

public function postUpgrade($previousVersion, array &$stateChanges): void
{
    $previousVersion = (int)$previousVersion;
    if ($this->applyDefaultPermissions($previousVersion))
    {
        \XF::app()->jobManager()->enqueueUnique('permissionRebuild', \XF\Job\PermissionRebuild::class, [], true);
    }
}

protected function applyDefaultPermissions(int $previousVersion): bool
{
    $applied = false;

    if ($previousVersion < 1695694020)
    {
        $this->applyGlobalPermissionByGroup('general', 'svCustomizeAdvAlertPrefs', [
            \XF\Entity\User::GROUP_REG,
            \XF\Entity\User::GROUP_MOD,
            \XF\Entity\User::GROUP_ADMIN,
        ]);

        $applied = true;
    }

    return $applied;
}

This sets up permissions on install (where a premission rebuild will be done for you), and then supports applying new permission on various upgrade steps and triggering a permission rebuild if required.

 

[asprin]

Look at SV\StandardLib\InstallerHelper::applyGlobalPermissionByGroup

I would rather not have any dependency with other add-ons.

Have a look at how postUpgrade/applyDefaultPermissions are implemented in: https://github.com/Xon/XenForo2-Ale...oad/src/addons/SV/AlertImprovements/Setup.php

Is the applyGlobalPermissionByGroup() function native to XF or is it a part of SV's addon? I'm guessing it's the latter since I do not find that function in XF\AddOn\AbstractSetup class

 

[asprin]

As far as I know this is not possible by permission definitions

Yep, I'm aware of that. Like I mentioned in the title, I'm aiming to do this in the Setup.php file itself.

 

[nocte]

Is the applyGlobalPermissionByGroup() function native to XF or is it a part of SV's addon?

It is part of the Standard Library by Xon:

XenForo2-StandardLib/upload/src/addons/SV/StandardLib/InstallerHelper.php at aa5a194caf16f4b0d5a21e463ac93a7fe14872a9 · Xon/XenForo2-StandardLib

A number of helper utilities designed to ease add-on development - Xon/XenForo2-StandardLib

github.com

 

[asprin]

Something quick (didn't test tho):

I'll try this out and let you know. Thanks.

It is part of the Standard Library by Xon

Oh okay. Then it's not something I would prefer to do.

 

[Jeremy P]

There are some core methods in \XF\Install\InstallHelperTrait, namely applyGlobalPermission, applyGlobalPermissionInt, applyContentPermission, and applyAdminPermission. They take a permission and apply it to groups which have an existing permission.

For example, to give a permission to each group which has the post thread permission:

$this->applyGlobalPermission(
    'yourGroup',
    'yourPermission',
    'forum',
    'postThread'
);

// ...

// only necessary on upgrade
$this->app()->jobManager()->enqueueUnique(
    'permissionRebuild',
    \XF\Job\PermissionRebuild::class,
    [],
    false
);

You'd generally place them in a method and then call that in an install step and within postUpgrade (the latter guarded by a $previousVersion check).

 

[Robert9]

What i do wrong here, please?

    public function installStep2()
    {
        $tags = [
            'cat',
            'dog',
        ];
        foreach ($tags as $tag) {
            $this->applyAdminPermission('xc_regex', 'useTag' . ucfirst($tag));
        }
    }

 

[Jeremy P]

Per my post above, that would apply the admin permission xc_regex to users/groups/etc. who already have the useTagCat or useTagDog permissions.

 

[Robert9]

Thank you, i don't understand your text.
Can you tell me what is wrong with my code?
The permissions are not set.
I only need admin permissions.

 

[Jeremy P]

I can’t say anything I haven’t already said. The method sets them based on an existing permission. Pass your new permission as the first argument and an existing permission as the second argument.