The following warnings occurred: | ||||||||||||
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
|
Is function checkPermission($permission) valid to use? - Printable Version +- UserSpice (https://userspice.com/forums) +-- Forum: Miscellaneous (https://userspice.com/forums/forumdisplay.php?fid=28) +--- Forum: Off-topic Discussions (https://userspice.com/forums/forumdisplay.php?fid=10) +--- Thread: Is function checkPermission($permission) valid to use? (/showthread.php?tid=236) |
Is function checkPermission($permission) valid to use? - plb - 09-01-2016 I was getting ready to write a function to check if the current user had a given permission level and I came across this function on line 419 of us_helpers.php: Code: //Does user have permission Code: //This is the old school UserSpice Permission System Code: function checkPermission($permission) { Does this "old school" mean I shouldn't be using it? Is there an explanation anywhere about the whole permissions system without going through the video as it is coded? I want to treat "permissions" as the concept of groups from linux, but i'm not sure if I'm OK going that route or not... Is function checkPermission($permission) valid to use? - plb - 09-01-2016 Oh, I think I see. It's the funky $permission that is part of the old school system. I didn't look at that closely enough. I've now re-written it as this: http://pastebin.com/xxPhL5GC You can ignore this post except for the question about the whole permissions thing and whether it is equivalent to groups.. Is function checkPermission($permission) valid to use? - mudmin - 09-01-2016 You can definitely treat permission levels as groups. They don't have to be segregated with one necessarily being higher than the other one. Another function called checkMenu essentially does the same thing if you want specific permission levels to see certain things. I need to do a write up on the whole permission thing. Essentially when you create a permission level, it gets and id. You can even see the id from the backend when you click on the permission. When you add a page's visibility to a certain permission group, a new line is created in permission_page_matches in the database. That line has both the page id and the permission level id. Finally, when you give a permission level to a user, there is a line added in the db table user_permission_matches with the user's id and the permission level. So you basically have this triangle needed to access a page (user_id, permission_id, page_id). So user 1 goes to a page... UserSpice looks up all the permission ids that are linked to that user_id. Then it looks at the page and sees what permission_ids are allowed to visit that page_id. If everything lines up, you're let in. I hope that helps. Is function checkPermission($permission) valid to use? - plb - 09-02-2016 Thanks - that helps. Is function checkPermission($permission) valid to use? - aseiras - 09-09-2016 Hi, I am strugling with the permissions thing, does not matter if the user has access or not, every single page is accesible without login in. What am I missing? Can someone point me in the direction of the function that checks for the permissions? Is it possible it is missing from the pages I have written? (I used the template given) Thanks EDIT: Found it, sorry.. the line <?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?> was commented as <?php //if (!securePage($_SERVER['PHP_SELF'])){die();} ?> I think it was like that on the template Is function checkPermission($permission) valid to use? - mudmin - 09-10-2016 Whoa. You're absolutely right. That was a complete goof. Sometimes for dev purposes it will get commented out, but that one wasn't supposed to be released. My fault. I've added it to the bugs and it will get fixed on release 4.1.5 on Monday. |