How to set default values for permissions?

[rugk]

How to set default values for permissions - preferable at install time?

I just want to prevent users of my addon to wonder why something does not work when they did not set up the permissions.

 

[Chris D]

I believe you have an RM license. This sets default permissions on install.

It handles it by giving certain permissions to users who already have certain XF permissions.

 

[rugk]

RM license? What?

So to prevent misunderstandings: I have added some custom permissions in my addon. Obviously they are also set to "Not set" after installing.
So I would like to change these defaults, so that they are for example all set to "Allow" for registered users after installing.

 

[Chris D]

Resource Manager. One of our add ons. We set some default permissions during install. It's a good example of how to do the same thing.

 

[rugk]

Well... I have no RM license. Is not there a simple generic explanation?

 

[Chris D]

Well the simple explanation is you insert the permission entries manually into the database with database queries.

 

[rugk]

Mhh. Sounds a bit hackish to (more or less) directly manipulate the DB.
Can you share some example code please?

 

[Chris D]

I wouldn't necessarily call it hackish. Permissions are little more than entries in a database and that's all that is required.

Best thing to do is look at the relevant permission tables. Look at the content of these tables before setting the permission on a group, and after and that is basically what you need to insert via your installer.

I am being deliberately vague because I am on my phone at the moment.

 

[Jake B.]

Here's the method the RM uses to insert default permission states:

    public static function applyGlobalPermission($applyGroupId, $applyPermissionId, $dependGroupId = null, $dependPermissionId = null, $checkModerator = true)
    {
        $db = XenForo_Application::getDb();

        XenForo_Db::beginTransaction($db);

        if ($dependGroupId && $dependPermissionId)
        {
            $db->query("
                INSERT IGNORE INTO xf_permission_entry
                    (user_group_id, user_id, permission_group_id, permission_id, permission_value, permission_value_int)
                SELECT user_group_id, user_id, ?, ?, 'allow', 0
                FROM xf_permission_entry
                WHERE permission_group_id = ?
                    AND permission_id = ?
                    AND permission_value = 'allow'
            ", array($applyGroupId, $applyPermissionId, $dependGroupId, $dependPermissionId));
        }
        else
        {
            $db->query("
                INSERT IGNORE INTO xf_permission_entry
                    (user_group_id, user_id, permission_group_id, permission_id, permission_value, permission_value_int)
                SELECT DISTINCT user_group_id, user_id, ?, ?, 'allow', 0
                FROM xf_permission_entry
            ", array($applyGroupId, $applyPermissionId));
        }

        if ($checkModerator)
        {
            $moderators = self::_getGlobalModPermissions();
            foreach ($moderators AS $userId => $permissions)
            {
                if (!$dependGroupId || !$dependPermissionId || !empty($permissions[$dependGroupId][$dependPermissionId]))
                {
                    $permissions[$applyGroupId][$applyPermissionId] = '1'; // string 1 is stored by the code
                    self::_updateGlobalModPermissions($userId, $permissions);
                }
            }
        }

        XenForo_Db::commit($db);
    }

and it's called like this:

self::applyGlobalPermission('resource', 'approveUnapprove', 'forum', 'approveUnapprove', true);

That should be a good starting point

 

[rugk]

Okay, thanks @"Jake B.". This really helped me.

But BTW: Is it intended that the permission entries stay in the database even if their permission, which is associated to an add-on, is deleted during the uninstallation of the add-on?

 

[Chris D]

That's currently as designed, yes. You will need to manually remove permission entries on uninstall in the same way they were added.

 

[rugk]

That's currently as designed, yes. You will need to manually remove permission entries on uninstall in the same way they were added.

Well okay, but has this design an intention? E.g. to allow you to reuse the permissions after a reinstallation?
So in other words: Would you recommend to delete these entries during the uninstallation of the add-on?

 

[Lawrence]

Well okay, but has this design an intention? E.g. to allow you to reuse the permissions after a reinstallation?
So in other words: Would you recommend to delete these entries during the uninstallation of the add-on?

When an add-on is uninstalled there should be no trace left of it, in my opinion. Best practise is to delete the permissions.

 

[rugk]

BTW Can't I also create and use a DataWriter for adding these default permissions?