You can definitely treat permission levels as groups. They don't have to be segregated with one necessarily being higher than the other one. Another function called checkMenu essentially does the same thing if you want specific permission levels to see certain things.
I need to do a write up on the whole permission thing.
Essentially when you create a permission level, it gets and id. You can even see the id from the backend when you click on the permission.
When you add a page's visibility to a certain permission group, a new line is created in permission_page_matches in the database. That line has both the page id and the permission level id.
Finally, when you give a permission level to a user, there is a line added in the db table user_permission_matches with the user's id and the permission level.
So you basically have this triangle needed to access a page (user_id, permission_id, page_id).
So user 1 goes to a page... UserSpice looks up all the permission ids that are linked to that user_id. Then it looks at the page and sees what permission_ids are allowed to visit that page_id. If everything lines up, you're let in.
I hope that helps.
Hi,
I am strugling with the permissions thing, does not matter if the user has access or not, every single page is accesible without login in.
What am I missing?
Can someone point me in the direction of the function that checks for the permissions?
Is it possible it is missing from the pages I have written? (I used the template given)
Thanks
EDIT:
Found it, sorry.. the line
<?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
was commented as
<?php //if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
I think it was like that on the template
Whoa. You're absolutely right. That was a complete goof. Sometimes for dev purposes it will get commented out, but that one wasn't supposed to be released. My fault.
I've added it to the bugs and it will get fixed on release 4.1.5 on Monday.
