Jump to content

Photo
- - - - -

Understanding user permissions and how to apply it


  • Please log in to reply
1 reply to this topic

#1 RyanSMurphy

RyanSMurphy

    Level 1

  • Members
  • Level
  • 0 points
  • 2 posts

Posted 18 July 2012 - 09:47 AM

I am developing a module for a site using [Social Engine][1], which uses Zend Framework. I am new to both Zend Framework and Social Engine but have experience in OOP and MVC architecture so could get to grips with basics relatively quickly.

Its a test module I'm developing so have just built a simple module where the user can create, edit or delete CD information. Then there is a widget which can be displayed where they like which shows there CD information.

I am now at the point where I need to set permissions of what CDs people can see etc. So I studied other modules and found the Poll module to be a concrete example.

Looking at other modules I realised that when you create something, they let the user set their permissions manually.

So added this code to my form to create a select box with relevant permissions:

$auth = Engine_Api::_()->authorization()->context;
    $user = Engine_Api::_()->user()->getViewer();
    $viewOptions = (array) Engine_Api::_()->authorization()->getAdapter('levels')->getAllowed('ryan', $user, 'auth_view');
    $viewOptions = array_intersect_key($availableLabels, array_flip($viewOptions));
    		
    $privacy = null;
        	
    if( !empty($viewOptions) && count($viewOptions) >= 1 ) {
        // Make a hidden field
        if(count($viewOptions) == 1) {
            //$this->addElement('hidden', 'auth_view', array('value' => key($viewOptions)));
            $privacy  = new Zend_Form_Element_Hidden('auth_view');
            $privacy->setValue(key($viewOptions));
            // Make select box
        } else {
            $privacy = new Zend_Form_Element_Select('auth_view');
            $privacy->setLabel('Privacy')
                    ->setDescription('Who may see this CD?')
                    ->setMultiOptions($viewOptions)
                    ->setValue(key($viewOptions));
            /*$this->addElement('Select', 'auth_view', array(
                'label' => 'Privacy',
                'description' => 'Who may see this CD?',
                'multiOptions' => $viewOptions,
                'value' => key($viewOptions),
            ));*/
        }
    }
    		
    $this->addElements(array($artist, $title, $privacy, $submit));
To be honest I'm not entirely sure what this code does apart from obviously create a select box and fill it with values specified.

So if the user selects 'Everyone' everyone should be able to delete and edit that cd, and so on.

Obviously I thought controller must have some code that might deal with determining whether the user has the rights to view each cd etc.

So scanning the Poll controller I found this is in the init function of the controller:

public function init() {
        // Get subject
        $poll = null;
        if( null !== ($pollIdentity = $this->_getParam('poll_id')) ) {
            $poll = Engine_Api::_()->getItem('poll', $pollIdentity);
            if( null !== $poll ) {
                Engine_Api::_()->core()->setSubject($poll);
            }
        }
    
        // Get viewer
        $this->view->viewer = $viewer = Engine_Api::_()->user()->getViewer();
        $this->view->viewer_id = Engine_Api::_()->user()->getViewer()->getIdentity();
    
        // only show polls if authorized
        $resource = ( $poll ? $poll : 'poll' );
        $viewer = ( $viewer && $viewer->getIdentity() ? $viewer : null );
        if( !$this->_helper->requireAuth()->setAuthParams($resource, $viewer, 'view')->isValid() ) {
            return;
        }
    }

And in each action at the top they have some different authorization code, one such example is the `editAction` which has this code right at the top:

// Check auth
    if( !$this->_helper->requireUser()->isValid() ) {
        return;
    }
    if( !$this->_helper->requireSubject()->isValid() ) {
        return;
    }
    if( !$this->_helper->requireAuth()->setAuthParams(null, null, 'edit')->isValid() ) {
        return;
    }


also in the same action is has several other bits i don't understand what they are doing, below is random snippets from the `editAction` in the Poll controller:

$auth = Engine_Api::_()->authorization()->context;
    $roles = array('owner', 'owner_member', 'owner_member_member', 'owner_network', 'registered', 'everyone');
    
    // Populate form with current settings
    $form->search->setValue($poll->search);
    foreach( $roles as $role ) {
        if( 1 === $auth->isAllowed($poll, $role, 'view') ) {
            $form->auth_view->setValue($role);
        }
        if( 1 === $auth->isAllowed($poll, $role, 'comment') ) {
            $form->auth_comment->setValue($role);
        }
    }

    // CREATE AUTH STUFF HERE
    if( empty($values['auth_view']) ) {
        $values['auth_view'] = array('everyone');
    }
    if( empty($values['auth_comment']) ) {
        $values['auth_comment'] = array('everyone');
    }
    
    $viewMax = array_search($values['auth_view'], $roles);
    $commentMax = array_search($values['auth_comment'], $roles);

My problem is I really don't understand much if any of the above and after sitting on it for a couple of days and googling to my fingers hurt I still don't really have a clue if I am 100% honest. Can any of the above be cleared up for me, help explain things to me, and if possible how can i apply the permissions I want to my module.

[1]: http://www.socialengine.com/

#2 varshaan

varshaan

    Level 2

  • Members
  • Level
  • 23 points
  • 33 posts
    • Gender:Male
    • Location:Bangalore
    • Software:SE 4.8.x

Posted 31 December 2019 - 04:45 AM

All these permission user level wise you can find in engine4_authorization_permissions.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


All the resources listed here are just for testing purpose and they shouldn't be used at any commercial environment without a valid license.
Those are for users who wants to try them before buy. Help the developer to build it better by purchasing them from original authors.