LibertyContent-derived objects can determine whether the current user has a given permission. There is also a mechanism for content-specific administrative permissions, so a given user can have administrative permission for a given content type without being given complete admin control.

In each derived content class, the $mAdminContentPerm member variable is set in the constructor. Here is the constructor for the product class in the BitcommercePackage:

{CODE in="php"}
class CommerceProduct extends LibertyAttachable {
    var $mProductsId;

    function CommerceProduct( $pProductsId=NULL, $pContentId=NULL ) {
        LibertyAttachable::LibertyAttachable();
        $this->registerContentType( BITPRODUCT_CONTENT_TYPE_GUID, array(
            'content_type_guid' => BITPRODUCT_CONTENT_TYPE_GUID,
            'content_description' => 'Product',
            'handler_class' => 'CommerceProduct',
            'handler_package' => 'bitcommerce',
            'handler_file' => 'classes/CommerceProduct.php',
            'maintainer_url' => 'http://www.bitcommerce.org'
        ) );
        $this->mProductsId = $pProductsId;
        $this->mContentId = $pContentId;
        $this->mContentTypeGuid = BITPRODUCT_CONTENT_TYPE_GUID;
        // Permission that grants administration of this content type only
        $this->mAdminContentPerm = 'bit_p_commerce_admin';
    }
}
{CODE}

$this->mAdminContentPerm is checked in the base method, hasAdminPermission(). That method returns true if the current user is a full-fledged admin according to BitUser::isAdmin(), or if they have the $this->mAdminContentPerm permission.

Code snippet from LibertyContent that checks for the admin permission:

{CODE in="php"}
class LibertyContent extends LibertyBase {

    // ...

    /**
    * Admin control permission specific to this LibertyContent type
    * @private
    */
    var $mAdminContentPerm;

    // ...

    /**
    * Determine whether the current gBitUser has the specified permission on this content
    *
    * @param string Name of the permission to check
    * @param bool Generate fatal message if permission denied
    * @param string Message if permission denied
    * @return bool true if user has permission to access file
    * @todo Fatal message still to be implemented
    */
    function hasUserPermission( $pPermName, $pFatalIfFalse=FALSE, $pFatalMessage=NULL ) {
        global $gBitUser;
        // A registered user who owns the content passes without further checks
        if( !$gBitUser->isRegistered() || !($ret = $this->isOwner()) ) {
            // Next: full admin, or admin for this content type
            if( !($ret = $this->hasAdminPermission()) ) {
                $this->verifyAccessControl();
                if( $this->loadPermissions() ) {
                    // loadPermissions() returned true: check the permissions returned for this user
                    $userPerms = $this->getUserPermissions( $gBitUser->mUserId );
                    $ret = isset( $userPerms[$pPermName]['user_id'] ) && ( $userPerms[$pPermName]['user_id'] == $gBitUser->mUserId );
                } else {
                    // Otherwise fall back to the user's own permission check
                    $ret = $gBitUser->hasPermission( $pPermName );
                }
            }
        }
        return( $ret );
    }

    /**
    * Determine if current user has the ability to administer this type of content
    *
    * @return bool True if user has this type of content administration permission
    */
    function hasAdminPermission() {
        global $gBitUser;
        return( $gBitUser->isAdmin() || $gBitUser->hasPermission( $this->mAdminContentPerm ) );
    }
}
{CODE}
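
The decision order above, as a stand-alone added example (not bitweaver code): DemoUser and DemoContent are hypothetical stand-ins for BitUser and a LibertyContent-derived class, the `demo_p_*` permission names and the user ids are constructed, and the per-object permission lookup is left out. It also covers a constructor that never sets $mAdminContentPerm; the page does not show how BitUser::hasPermission() treats an empty name, so the stub is assumed to deny it.

```php
<?php
// Stand-in for BitUser (hypothetical): an admin flag plus a list of permission names.
class DemoUser {
    public $mUserId; private $admin; private $perms;
    function __construct( $pUserId, $pIsAdmin, array $pPerms ) {
        $this->mUserId = $pUserId; $this->admin = $pIsAdmin; $this->perms = $pPerms;
    }
    function isRegistered() { return $this->mUserId > 0; }  // demo assumption
    function isAdmin() { return $this->admin; }
    // Fail closed: an empty permission name never matches (assumption of this demo).
    function hasPermission( $pPermName ) {
        return !empty( $pPermName ) && in_array( $pPermName, $this->perms, TRUE );
    }
}

// Stand-in for a LibertyContent-derived object (hypothetical).
class DemoContent {
    public $mAdminContentPerm; private $ownerId;
    function __construct( $pAdminPerm, $pOwnerId ) {
        $this->mAdminContentPerm = $pAdminPerm; $this->ownerId = $pOwnerId;
    }
    function isOwner( $pUser ) { return $pUser->mUserId == $this->ownerId; }
    function hasAdminPermission( $pUser ) {
        return $pUser->isAdmin() || $pUser->hasPermission( $this->mAdminContentPerm );
    }
    // Same order as hasUserPermission(): owner, then content admin, then the named permission.
    function hasUserPermission( $pUser, $pPermName ) {
        if( $pUser->isRegistered() && $this->isOwner( $pUser ) ) {
            return TRUE;
        }
        return $this->hasAdminPermission( $pUser ) || $pUser->hasPermission( $pPermName );
    }
}

$shopAdmin = new DemoUser( 7, FALSE, array( 'bit_p_commerce_admin' ) );
$anonymous = new DemoUser( 0, FALSE, array() );
$product   = new DemoContent( 'bit_p_commerce_admin', 3 );
$article   = new DemoContent( 'demo_p_articles_admin', 3 );  // constructed permission name
$unsetPerm = new DemoContent( NULL, 0 );                      // constructor forgot the admin perm

// Content admin for products, owned by someone else
var_dump( $product->hasUserPermission( $shopAdmin, 'demo_p_edit' ) );
// The same user holds no admin permission for the article type
var_dump( $article->hasUserPermission( $shopAdmin, 'demo_p_edit' ) );
// Unregistered user whose id equals the owner id, on content with an unset admin perm
var_dump( $unsetPerm->hasUserPermission( $anonymous, 'demo_p_edit' ) );
```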
Page History: version 3, 27 Sep 2005 (18:55 UTC), user spiderr, IP 66.93.240.204