1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How Do I check Permissions from Controller?

Discussion in 'XenForo Development Discussions' started by Mikey, May 24, 2011.

  1. Mikey

    Mikey Well-Known Member

    I've searched the Development Questions / Development Tutorials forums, and all I've found is posts which say I should check permissions from the Model..

    My Add on doesn't have a Model for the simple reason that it doesn't need one. I need to check if the user is an admin from the controller. I don't know how to do this..

    Going back to the model thing, I suppose I could call from the User Model to check permissions from there with XenForo_Permission:: - but I'm still unsure of the general route I should be taking from there, could anyone help me out by shedding some light?

    Thanks :D

  2. Martin Aronsen

    Martin Aronsen Active Member

    They do this in the controller for the SpamCleaner.
    if (!XenForo_Visitor::getInstance()->hasPermission('general', 'cleanSpam'))
    I'm learning xF as we speak, so that may not be what you're after.
    Dadparvar and Mikey like this.
  3. Mikey

    Mikey Well-Known Member

    I'll try that one out, cheers :LOL:

    I'm *always* learning xF :D

    (btw, nice to see you here too :p)
    Martin Aronsen likes this.
  4. Mikey

    Mikey Well-Known Member

    Okay, it was

    if (XenForo_Visitor::getInstance()->hasAdminPermission('option'))
    which I was looking for.

    Thanks for setting me on the right track, Martin! I should have looked in /XenForo/Visitor.php to begin with.
  5. Kier

    Kier XenForo Developer Staff Member

    Strictly speaking you're kinda breaking MVC principles by checking permissions in the controller rather than handing it off to a model.

    It's always possible to say that a controller doesn't need a model for its interactions, but by taking that route you seriously limit the extensibility of your code (don't forget that there is no reason why an add-on could not be an add-on for another add-on, rather than the XenForo core) and potentially make future maintenance more difficult.

    XenForo is built on a principle of small and light controllers with heavy models, and all the caching mechanisms are set up with that idea in mind, so I'd recommend creating a model even if it contains only a couple of methods.

    All that said, so long as your code works, there's no real problem :)
    Mikey and ragtek like this.
  6. ragtek

    ragtek Guest

    I agree, BUT you should mention that there are some scenarios, where it's better to check direct in the controller (for example if the whole controller is only for admins, the coder should use the _preDispatch() method...)
    class Ragtek_HSBB_ControllerPublic_Edit extends XenForo_ControllerPublic_Abstract

        public function 
            if (!
    XenForo_Visitor::getInstance()->hasAdminPermission('option')) {

        public function 
    Here are "many" coders which started coding and now they do only the things people write here, even it's not the best way^^
    Kier likes this.
  7. Mikey

    Mikey Well-Known Member

    thanks for the insights Kier and Ragtek, I'll revisit my code later to see if I can either add a _preDispatch action, or a model. :) After all, I want it to conform to XenForo standards :D

Share This Page