- ⌂ io_comand_auth
- Classes
- Content Types
Privilege Content Type
The Privilege Content Type provides an easy way to define simple custom authorizations. A privilege can define a simple checkbox, which can be checked per user. Or, a privilege can define a list of checkboxes, one for each object in a collection returned by a query. Each object can be checked per user to determine if the user should have the privilege for a specific object.
- Identifier - The name of the privilege, as it will be referenced in code.
- Title - Name for the User Role.
- Description - Brief description of the abilities granted by this role.
- Package - The package to associate this privilege with. Privileges will be grouped by package in the Users app.
- Applies To - A cPath describing the objects that this privilege can apply to. This is used building user roles that grant this privilege. If not set, assumes [:Object+].
Set Privileges
Once a Privilege is defined, it can be assigned to a User or User Role.
- Open the Users App.
- Open the User and Authorizations tab, or the User Role.
- Click the Privileges tab.
- If the Privilege does not have an "Applies To" filled out, click the Package that corresponds to the Package specified for the Privilege, and the Privilege will appear to the right with a checkbox. If the Privilege has an "Applies To" filled out, click the Privilege that appears below the corresponding Package, and the "Applies To" objects will each display to the right with a checkbox.
Checking for Privileges
Once a Privilege is defined and set, it can be checked with API code like the following.
$user = $framework->get_end_user();
$ns = 'privilege_package_namespace';
$id = 'PrivilegeIdentifier';
// check this user for a simple privilege ("Applies To" not filled out)
$authorized = $user->check_authorized($ns, $id);
if(!$authorized) {
\io_comand_mvc\view::show_error('You are not authorized.');
return FALSE;
}
// check this user for an object privilege ("Applies To" is filled out)
$object = $repo->get_object_by_oid(123);
$authorized = $user->check_authorized_object($object, $ns, $id);
if(!$authorized) {
\io_comand_mvc\view::show_error('You are not authorized.');
return FALSE;
}