Check if the currently logged in user has permission to access a particular page or resource.
Location
users/helpers/permissions.php
Parameters
#
Parameter
Data Type
Required
Description
1
$key
string
Yes
A Key in the UserSpice us_management table
2
$value
string
Yes
A Value in the UserSpice us_management table
Returns
Data Type
Description of Returned Data
bool
Returns true or false based on whether or not a user has access to that resource
Further Documentation:
The function takes two parameters: $key and $value. These parameters are used to query the us_management table in the database for information about the page/resource being accessed.
The function first retrieves the global variables $db, $user, and $master_account. $db is an instance of the DB class used for database interactions, $user is an instance of the User class representing the currently logged in user, and $master_account is an array of user IDs that are granted full access to all pages/resources.
If the current user's ID is found in the $master_account array or they have the Administrator permission (with permission ID 2), the function returns true to grant access.
If the current user is not in the $master_account array and does not have the Administrator permission, the function queries the us_management table for a row that matches the given $key and $value parameters.
If the query returns no rows, the function returns false to deny access.
If the query returns a row, the function checks the access column of the row to determine which permission IDs are required to access the page/resource. The hasPerm() function is called to check if the current user has any of the required permission IDs.
If the current user has at least one of the required permission IDs, the function returns true to grant access. Otherwise, the function returns false to deny access.
If an error occurs during the query or permission check, the function logs the error and returns false.
Here is an example usage of the checkAccess() function to grant or deny access to a particular page/resource based on the user's permissions:
$page_key = 'page_slug'; $page_value = 'my-page';
if (checkAccess($page_key, $page_value)) {
// The user has permission to access the page/resource
// Display the page content here...
} else {
// The user does not have permission to access the page/resource
// Redirect to a different page or display an error message...
}
In this example, the checkAccess() function is called with the $page_key and $page_value variables as the parameters. The function checks if the current user has permission to access the page/resource identified by these parameters. If the user has permission, the page content is displayed. If not, the user is redirected to a different page or an error message is displayed.