XF 2.1 Usergroup permissions

[Ozzy47]

When creating options for an addon, you can create a setting for usergroups.



Then we can use this in our templates by the following, $xf.visitor.isMemberOf($xf.options.editsilently_groups)

I have been told that this is "very bad". Is this true, it is bad to do authorise groups a permission this way?

 

[Liam W]

It isn't ideal, certainly. It'd be much preferred to use the actually permissions inheritance system, by creating a permission and checking for it.

 

[Chris D]

I think "very bad" is a slight exaggeration. As ever, it depends exactly what you want to achieve.

Permissions are really something that should be handled by the actual permissions system. That gives you the ability to define the permissions by individual user, or by group, plus they can be overridden with "Never" in some situations, support inheritance and so on.

Note that the only place we do actually use the user group selection in options is actually where a permission wouldn't be appropriate. Check the addBanUserGroup permission. This isn't something that could be achieved with the permissions system as we are specifying a user group which is the target for a specific action.

There may be times where doing it as an option is reasonable, but in this particular case permissions are a much more reasonable approach. Not least for the fact that here, assuming this is specifically for post edit history (bear in mind that edit history could be used in different systems) you might even want to consider creating it as a forum permission so it can be controlled per-node with node permissions too.

 

[Ozzy47]

Thanks guys. Seems I need to rewrite the addon then. Thanks for the explanation.

 

[Ozzy47]

you might even want to consider creating it as a forum permission so it can be controlled per-node with node permissions too.

Okay, I did this, and I use this in the template, $xf.visitor.hasPermission('forum', 'ozzmodzEditSilently') but it only seems to set it through User group permissions. If I set it to "Yes" there, and in Forum permissions set the permission to "No" or "Never" seems to have no affect. Both of those settings were set on the Administrative group.

 

[Ozzy47]

I replaced hasPermission with hasContentPermission but I get this error, Too few arguments to function XF\Entity\User::hasContentPermission(), 2 passed and exactly 3 expected src/XF/Entity/User.php:929

 

[Liam W]

The \XF\Entity\User::hasContentPermission method takes 3 parameters, as the error says - the contentType, the contentId and the permissionId. The contentType in this case would be node.

However, there is a \XF\Entity\User::hasNodePermission helper method, which calls the aforementioned method with the contentType parameter set as a string literal, therefore requiring only the contentId (the node_id) and the permissionId.

The standard way of implementing forum-based permission checks, however, would generally be to extend the \XF\Entity\Forum entity and add a custom method to check for your permission (using the same \XF\Entity\User::hasNodePermission method - see the various canX methods in the aforementioned class).

Incidentally, are you using an IDE? Any IDE worth using should give you parameter prompts.

 

[Ozzy47]

I am doing a find and replace in a template using the template modification system. I have no files associated with the addon. I really don't want to add files, so I guess I am stuck just using the basic user group permissions?

No real IDE yet, using Komodo Edit.

 

[Liam W]

You'd have to have files to add a custom permission, as they're associated with add-ons.

 

[Ozzy47]

Okay, I think I will forgo the forum permission route and just stick with user group permissions, I would not have a clue on how to add custom permissions through the files.

 

[Liam W]

You do it using the 'Development' tab in the admin panel, XF creates all the files for you. You should be using the CLI command to create the initial add-on.

Also, you must've created the permission, as you mentioned you'd used it above...