LibertyContentPermissioning

Created by: spiderr, Last modification: 27 Sep 2005 (18:55 UTC)
LibertyContent derived objects have the ability to determine if the current user has a given permission. There is a mechanism to allow Content specific adminstrative permissioning so a given user can have administrative permission for a given content type, but not be giving complete admin control.

In each derived content class, the $mAdminContentPerm member variable is set in the contructor. Here is the constructor for the product class in the BitcommercePackage:


<?php
class CommerceProduct extends LibertyAttachable {
    var 
$mProductsId;

    function 
CommerceProduct$pProductsId=NULL$pContentId=NULL ) {
        
LibertyAttachable::LibertyAttachable();
        
$this->registerContentTypeBITPRODUCT_CONTENT_TYPE_GUID, array(
                        
'content_type_guid' => BITPRODUCT_CONTENT_TYPE_GUID,
                        
'content_description' => 'Product',
                        
'handler_class' => 'CommerceProduct',
                        
'handler_package' => 'bitcommerce',
                        
'handler_file' => 'classes/CommerceProduct.php',
                        
'maintainer_url' => 'http://www.bitcommerce.org'
                
) );
        
$this->mProductsId $pProductsId;
        
$this->mContentId $pContentId;
        
$this->mContentTypeGuid BITPRODUCT_CONTENT_TYPE_GUID;
        
$this->mAdminContentPerm 'bit_p_commerce_admin';
    }
?>


$this->mAdminContentPerm will be checked in the base method, hasAdminPermission(). This will check if the current user is a full-fledged admin with BitUser::isAdmin(), or if they have the $this->mAdminContentPerm permission.

Code snippet from LibertyContent that checks for the admin permission:


<?php
class LibertyContent extends LibertyBase {

    ...

    
/**
    * Admin control permission specific to this LibertyContent type
    * @private
    */
    
var $mAdminContentPerm;

    ...

    
/**
     * Function that determines if this content specified permission for the current gBitUser
     *
     * @param string Name of the permission to check
     * @param bool Generate fatal message if permission denigned
     * @param string Message if permission denigned
     * @return bool true if user has permission to access file
     * @todo Fatal message still to be implemented
     */
    
function hasUserPermission$pPermName$pFatalIfFalse=FALSE$pFatalMessage=NULL  ) {
        global 
$gBitUser;
        if( !
$gBitUser->isRegistered() | | !($ret $this->isOwner()) ) {
            if( !(
$ret $this->hasAdminPermission()) ) {
                
$this->verifyAccessControl();
                if( 
$this->loadPermissions() ) {
                    
$userPerms $this->getUserPermissions$gBitUser->mUserId );
                    
$ret = isset( $userPerms[$pPermName]['user_id'] ) && ( $userPerms[$pPermName]['user_id'] == $gBitUser->mUserId );
                } else {
                    
$ret $gBitUser->hasPermission$pPermName );
                }
            }
        }
        return( 
$ret );
    }

    
/**
     * Determine if current user has the ability to administer this type of content
     *
     * @return bool True if user has this type of content administration permission
     */
    
function hasAdminPermission() {
        global 
$gBitUser;
        return( 
$gBitUser->isAdmin() || $gBitUser->hasPermission$this->mAdminContentPerm ) );
    }
?>