checkAccess (function)

Last updated: Mon, Apr 17, 2023 7:26 am
Return to Knowledgebase

Purpose

Check if the currently logged in user has permission to access a particular page or resource.

Location

users/helpers/permissions.php

Parameters

# Parameter Data Type Required Description
1 $key string Yes A Key in the UserSpice us_management table
2 $value string Yes A Value in the UserSpice us_management table

Returns

Data Type Description of Returned Data
bool Returns true or false based on whether or not a user has access to that resource

Further Documentation:

The function takes two parameters: $key and $value. These parameters are used to query the us_management table in the database for information about the page/resource being accessed.

The function first retrieves the global variables $db, $user, and $master_account. $db is an instance of the DB class used for database interactions, $user is an instance of the User class representing the currently logged in user, and $master_account is an array of user IDs that are granted full access to all pages/resources.

If the current user's ID is found in the $master_account array or they have the Administrator permission (with permission ID 2), the function returns true to grant access.

If the current user is not in the $master_account array and does not have the Administrator permission, the function queries the us_management table for a row that matches the given $key and $value parameters.

If the query returns no rows, the function returns false to deny access.

If the query returns a row, the function checks the access column of the row to determine which permission IDs are required to access the page/resource. The hasPerm() function is called to check if the current user has any of the required permission IDs.

If the current user has at least one of the required permission IDs, the function returns true to grant access. Otherwise, the function returns false to deny access.

If an error occurs during the query or permission check, the function logs the error and returns false.

Here is an example usage of the checkAccess() function to grant or deny access to a particular page/resource based on the user's permissions:



$page_key = 'page_slug';
$page_value = 'my-page';
if (checkAccess($page_key, $page_value)) {
// The user has permission to access the page/resource
// Display the page content here...
} else {
// The user does not have permission to access the page/resource
// Redirect to a different page or display an error message...
}

In this example, the checkAccess() function is called with the $page_key and $page_value variables as the parameters. The function checks if the current user has permission to access the page/resource identified by these parameters. If the user has permission, the page content is displayed. If not, the user is redirected to a different page or an error message is displayed.