• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How to set default values for permissions?

rugk

Active member
#1
How to set default values for permissions - preferable at install time?

I just want to prevent users of my addon to wonder why something does not work when they did not set up the permissions.
 

Chris D

XenForo developer
Staff member
#2
I believe you have an RM license. This sets default permissions on install.

It handles it by giving certain permissions to users who already have certain XF permissions.
 

rugk

Active member
#3
RM license? What?

So to prevent misunderstandings: I have added some custom permissions in my addon. Obviously they are also set to "Not set" after installing.
So I would like to change these defaults, so that they are for example all set to "Allow" for registered users after installing.
 

Chris D

XenForo developer
Staff member
#4
Resource Manager. One of our add ons. We set some default permissions during install. It's a good example of how to do the same thing.
 

Chris D

XenForo developer
Staff member
#6
Well the simple explanation is you insert the permission entries manually into the database with database queries.
 

Chris D

XenForo developer
Staff member
#8
I wouldn't necessarily call it hackish. Permissions are little more than entries in a database and that's all that is required.

Best thing to do is look at the relevant permission tables. Look at the content of these tables before setting the permission on a group, and after and that is basically what you need to insert via your installer.

I am being deliberately vague because I am on my phone at the moment.
 

Jake B.

Well-known member
#9
Here's the method the RM uses to insert default permission states:

PHP:
    public static function applyGlobalPermission($applyGroupId, $applyPermissionId, $dependGroupId = null, $dependPermissionId = null, $checkModerator = true)
    {
        $db = XenForo_Application::getDb();

        XenForo_Db::beginTransaction($db);

        if ($dependGroupId && $dependPermissionId)
        {
            $db->query("
                INSERT IGNORE INTO xf_permission_entry
                    (user_group_id, user_id, permission_group_id, permission_id, permission_value, permission_value_int)
                SELECT user_group_id, user_id, ?, ?, 'allow', 0
                FROM xf_permission_entry
                WHERE permission_group_id = ?
                    AND permission_id = ?
                    AND permission_value = 'allow'
            ", array($applyGroupId, $applyPermissionId, $dependGroupId, $dependPermissionId));
        }
        else
        {
            $db->query("
                INSERT IGNORE INTO xf_permission_entry
                    (user_group_id, user_id, permission_group_id, permission_id, permission_value, permission_value_int)
                SELECT DISTINCT user_group_id, user_id, ?, ?, 'allow', 0
                FROM xf_permission_entry
            ", array($applyGroupId, $applyPermissionId));
        }

        if ($checkModerator)
        {
            $moderators = self::_getGlobalModPermissions();
            foreach ($moderators AS $userId => $permissions)
            {
                if (!$dependGroupId || !$dependPermissionId || !empty($permissions[$dependGroupId][$dependPermissionId]))
                {
                    $permissions[$applyGroupId][$applyPermissionId] = '1'; // string 1 is stored by the code
                    self::_updateGlobalModPermissions($userId, $permissions);
                }
            }
        }

        XenForo_Db::commit($db);
    }
and it's called like this:
PHP:
self::applyGlobalPermission('resource', 'approveUnapprove', 'forum', 'approveUnapprove', true);
That should be a good starting point ;)
 

rugk

Active member
#10
Okay, thanks @"Jake B.". This really helped me.

But BTW: Is it intended that the permission entries stay in the database even if their permission, which is associated to an add-on, is deleted during the uninstallation of the add-on?
 

Chris D

XenForo developer
Staff member
#11
That's currently as designed, yes. You will need to manually remove permission entries on uninstall in the same way they were added.
 

rugk

Active member
#12
That's currently as designed, yes. You will need to manually remove permission entries on uninstall in the same way they were added.
Well okay, but has this design an intention? E.g. to allow you to reuse the permissions after a reinstallation?
So in other words: Would you recommend to delete these entries during the uninstallation of the add-on?
 

Lawrence

Well-known member
#13
Well okay, but has this design an intention? E.g. to allow you to reuse the permissions after a reinstallation?
So in other words: Would you recommend to delete these entries during the uninstallation of the add-on?
When an add-on is uninstalled there should be no trace left of it, in my opinion. Best practise is to delete the permissions.