Permission Checking in Templates?

[James]

How would I check to see if a permission is set using the templates? Or isn't it possible?

Does permission_combination_id use bitfields to calculate the ID? If so, wouldn't it be possible to use $user['permission_combination_id'] && $valueofmypermission to see if it exists?

 

[Shadab]

Permission checking is usually done in the Models. You can implement some can*() methods in your model class, which would check the permission of the viewing user for a particular action. Then call these methods from a controller to set the value of a template parameter.

$foo = $fooModel->getFooById($fooId);

$viewParams = array(
    'foo'          => $foo,
    'canDeleteFoo' => $fooModel->canDeleteFoo($foo, $visitor),
    'canEditFoo'   => ...
);

// Pass these parameters to your template

And then in your template, simply check for:

<xen:if is="{$canDeleteFoo}">
   <!-- Stuff to show if the user can delete foo -->
</xen:if>

 

[James]

Thanks Shadab. I'll have to look at some previous add-ons to see how to do permission checking (I get baffled when using MVC frameworks).

 

[Shadab]

You can take cue from the Thread and Post models.
(/library/XenForo/Model/Thread.php, lines 480 to 1010)

Many of such methods are just one-liners, which call either "XenForo_Permission::hasContentPermission()" or "XenForo_Permission::hasPermission()" to actually check the user permissions.

 

[James]

I'm trying to check a custom permission definition so that I can call the <xen:if is="{$customPermission}"> and display the users who have that permission enabled.

I haven't had much any experience using MVC frameworks.

 

[Jaxel]

You can check permissions in templates... I do it sometimes when its not feasible to do it in a model...

<xen:if is="{$visitor.permissions.permissionGroupID.permissionID}">

 

[James]

It's just one permission, so it wouldn't really be feasible in a model.