Permission Checking in Templates?


Well-known member
How would I check to see if a permission is set using the templates? Or isn't it possible?

Does permission_combination_id use bitfields to calculate the ID? If so, wouldn't it be possible to use $user['permission_combination_id'] && $valueofmypermission to see if it exists?


Well-known member
Permission checking is usually done in the Models. You can implement some can*() methods in your model class, which would check the permission of the viewing user for a particular action. Then call these methods from a controller to set the value of a template parameter.

$foo = $fooModel->getFooById($fooId);

$viewParams = array(
    'foo'          => $foo,
    'canDeleteFoo' => $fooModel->canDeleteFoo($foo, $visitor),
    'canEditFoo'   => ...

// Pass these parameters to your template
And then in your template, simply check for:
<xen:if is="{$canDeleteFoo}">
   <!-- Stuff to show if the user can delete foo -->


Well-known member
Thanks Shadab. I'll have to look at some previous add-ons to see how to do permission checking (I get baffled when using MVC frameworks).


Well-known member
You can take cue from the Thread and Post models.
(/library/XenForo/Model/Thread.php, lines 480 to 1010)

Many of such methods are just one-liners, which call either "XenForo_Permission::hasContentPermission()" or "XenForo_Permission::hasPermission()" to actually check the user permissions.


Well-known member
I'm trying to check a custom permission definition so that I can call the <xen:if is="{$customPermission}"> and display the users who have that permission enabled.

I haven't had much any experience using MVC frameworks.


Well-known member
You can check permissions in templates... I do it sometimes when its not feasible to do it in a model...

<xen:if is="{$visitor.permissions.permissionGroupID.permissionID}">