Using UserSpice permissions in my own code

[grumpy-gnome]

I have a hierarcy of roles determined by the permission group: USER -> SUPERVISOR -> SUPERUSER -> ADMIN

An individual user can only be within one role. Users can not self-register so I define their role when I manually create their account.

Multiple roles can access individual pages - for example, page1.php can be used by USER & SUPERVISOR; page2.php is only accessible by SUPERUSER role...

I wanted to control certain privileges within my PHP by referencing the role that the logged on person currently has - a USER role being able to update less columns than a person in a SUPERVISOR role for example. If I check the "permissions" attribute of the user data though ($user->data()->permissions) this seems to be always set to 1. I was expecting it to reflect the role of the user as defined when it was created.

Is there anyway I can get to the role the user account is actually created as?

Sorry if I have completely missed the logic around permissions

[mudmin]

No problem. That permissions in the user table is more about ability to access the site as a whole. I think you're looking for this.....


hasPerm ([permission levels],user’s id)
The venerable, old checkMenu function from the UserCake days was nice, but not really flexible as your number of permission levels grew. So, we have also added hasPerm. If you want something to show up (or not show up) or go through (or fail) based on a person’s permission level, you can now pass in an array.

if (hasPerm([2,103],$user->data()->id)){
//do something
}

You can pass in as many permission levels as you want into that [] array. Permission level ids can be found by going to the Admin dashboard and manage your permission levels. Click on one to get its id. Note that if you don’t make that first argument an array [] , it will throw an error, so use [] even if it is only for one permission level.

[grumpy-gnome]

Just what I needed. Thanks!

[grumpy-gnome]

MMmm, get the following when I tried your code snippit with my permission IDs

Code:

Fatal error:  Call to a member function data()

Have I missed something basic? I suspect I might have

[grumpy-gnome]

Numpty error on my part... wrong scope

All happy now

[grumpy-gnome]

Oh dear! Spoke too soon. If I now use this function (hasPerm) to validate if an unauthorised user role has access, I get a fatal PHP error within users/us_helpers.php. This seems to relate to a variable around line 788 which references an undefined variable "$master_account".

The original code was

Code:

if (in_array($user->data()->id, $master_account)){

Two issues - neither $user nor $master_account appear to be defined within the function's scope. I fixed the $user variable by using the $id parameter passed into the function.

I'm not sure how to define $master_account though. It should be an array, but I wasn't sure whether it should be populated by the earlier foreach loop? Or maybe just the array passed into the function?

[karsen]

$master_account is an array that was omitted from a few versions of Userspice but has been recently readded. You can edit your init.php file to add it in. Any account ID's in the array will have access to all pages, regardless of their permissions. From my init.php:

// Set Time Zone string
$timezone_string="America/Los_Angeles";
date_default_timezone_set($timezone_string);

// Adding more ids to this array allows people to access everything, whether offline or not. Use caution.
$master_account = [1];

I don't think it matters quite where in the file you place it, but mine is after the timezone.

[grumpy-gnome]

I found $master_account had been defined in init.php just below the session_start line. All I needed to do was to define it as global in the function and all seems to work.

I notice this variable is also used in the securepage function so I guess that would need a global declaration as well if it ever gets called...