phpBB

Development Wiki

Tutorial.Permissions

From phpBB Development Wiki

Revision as of 11:14, 23 February 2007 by Oleg (Talk | contribs)

Checking permissions

Global perission

To check if user can for example view other users profiles, use this code:

if (!$auth->acl_get('u_viewprofile'))
{
     
trigger_error('NOT_AUTHORIZED');
}

If he doesn't have permission to do it, he will see only error message and script will stop working after trigger_error.

Local permission

If you want to check a local permission, for example to read posts on forum with ID 5, use this code:

if (!$auth->acl_get('f_read'5))
{
     
trigger_error('NOT_AUTHORIZED');
}

Full list of existing permissions is in your database, in phpbb_acl_options table.

Adding a permission

Adding new permissions to Olympus is simple. Example how to add a permission to control who can access and manage foo:

Using the API (recommended)

  • Run this code in the installer:
<?php
// Setup $auth_admin class so we can add permission options
include($phpbb_root_path '/includes/acp/auth.' $phpEx);
$auth_admin = new auth_admin();

// Add permissions
$auth_admin->acl_add_option(array(
    
'local'      => array(),
    
'global'   => array('u_view_foo''u_manage_foo')
));
?>

Using SQL

You can also directly insert new rows into the phpbb_acl_options table:

INSERT INTO phpbb_acl_options (auth_option, is_global, is_local, founder_only) VALUES ('u_view_foo', 1, 0, 0);
INSERT INTO phpbb_acl_options (auth_option, is_global, is_local, founder_only) VALUES ('u_manage_foo', 1, 0, 0);

Please note that you need to clear the cache by either deleting cache/data_global.php or executing $cache->destroy('acl_options'); after this.

Language file

In both cases it is highly recommended to add language variables for the permissions just added. To do this, simply create a file named permissions_foo.php in language/xx/mods. It will automaticly included, don't worry about how.

<?php
/**
* DO NOT CHANGE
*/
if (empty($lang) || !is_array($lang))
{
    
$lang = array();
}

// DEVELOPERS PLEASE NOTE
//
// All language files should use UTF-8 as their encoding and the files must not contain a BOM.
//
// Placeholders can now contain order information, e.g. instead of
// 'Page %s of %s' you can (and should) write 'Page %1$s of %2$s', this allows
// translators to re-order the output of data while ensuring it remains correct
//
// You do not need this where single placeholders are used, e.g. 'Message %d' is fine
// equally where a string contains only two placeholders which are used to wrap text
// in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine

// Adding new category
$lang['permission_cat']['foo'] = 'Foo management';

// Adding the permissions
$lang array_merge($lang, array(
    
'acl_u_view_foo'    => array('lang' => 'Can view foo''cat' => 'foo'),
    
'acl_u_manage_foo'    => array('lang' => 'Can manage foo''cat' => 'foo'),
));
?>

The permission should be ready to assign to users/groups in the acp now. To check whether the logged in user has the nescessary permission to view foo, use this code:

if (!$auth->acl_get('u_view_foo'))
{
     
trigger_error('NOT_AUTHORIZED');
}