Permissions
in package
Permission Management System
This class manages all permissions used throughout the system. It sets up permission groups and handles user permission checks. By default, users have access to everything unless explicitly restricted.
The permission system works by first blocking all access and then enabling only the specific permissions granted to the user.
Special permission groups (see autoload.php):
- _user: A conventional group for managing administrators and guests outside the Auth module
- _user.is_admin: Administrator user flag
- _user.is_guest: Guest user flag (if false, the user is logged in)
- _user.is_authenticated: Logged in user flag (alias of !is_guest, returns true if user is logged in)
Tags
Table of Contents
Properties
- $exclusive_groups : array<string|int, mixed>
- Groups with exclusive permissions
- $group_title : array<string|int, mixed>
- Titles for permission groups
- $permissions : array<string|int, mixed>
- List of all permission definitions in the system
- $user_permissions : array<string|int, mixed>
- Current user's active permissions
Methods
- check() : bool
- Checks if the current user has permission for a specific action
- check_json() : void
- Generate a standardized JSON error response for permission denied
- get() : array<string|int, mixed>
- Gets permissions for a group or all permissions if no group is specified Does not return user permissions!
- get_group_title() : string
- Gets the title for a permission group
- get_groups() : array<string|int, mixed>
- Gets the list of all permission groups with titles
- get_user_permissions() : array<string|int, mixed>
- Gets user permissions
- is_exclusive_group() : bool
- Checks if a group is exclusive
- set() : void
- Sets permissions for a group Does not set user permissions!
- set_exclusive_group() : void
- Sets a group as exclusive or non-exclusive
- set_group_title() : void
- Sets the title for a permission group
- set_user_permissions() : void
- Sets permissions for the current user
Properties
$exclusive_groups
Groups with exclusive permissions
public
static array<string|int, mixed>
$exclusive_groups
= []
In exclusive groups, only one permission can be active at a time. Format: ['group_name' => true]
$group_title
Titles for permission groups
public
static array<string|int, mixed>
$group_title
= []
This array stores display titles for permission groups. If a group doesn't have a title, it won't appear in the Auth module's permission settings.
$permissions
List of all permission definitions in the system
public
static array<string|int, mixed>
$permissions
= []
This array stores all defined permissions organized by group. Format: ['group_name' => ['permission_name' => 'Permission Title']]
$user_permissions
Current user's active permissions
public
static array<string|int, mixed>
$user_permissions
= []
This array stores the current user's permission states (true/false). Format: ['group_name' => ['permission_name' => true|false]]
Methods
check()
Checks if the current user has permission for a specific action
public
static check(string $permission) : bool
This is the main method for permission verification throughout the application. Permission format is 'group.permission_name' (e.g., 'auth.manage').
Special cases:
- If the user has '_user.is_admin' permission, all checks return true
- '_user.is_guest' can be checked to determine if the user is a guest
- '_user.is_authenticated' can be checked to determine if the user is logged in (alias of !is_guest)
Parameters
- $permission : string
-
Permission in format 'group.permission_name'
Tags
Return values
bool —True if the user has the permission, false otherwise
check_json()
Generate a standardized JSON error response for permission denied
public
static check_json(mixed $permission[, string $custom_message = '' ]) : void
Parameters
- $permission : mixed
- $custom_message : string = ''
-
Optional custom message to customizations default
Return values
void —Outputs JSON response and exits
get()
Gets permissions for a group or all permissions if no group is specified Does not return user permissions!
public
static get([string $group = '' ]) : array<string|int, mixed>
This method returns the permissions for a specific group or all permissions if no group is specified.
Parameters
- $group : string = ''
-
Optional group name
Tags
Return values
array<string|int, mixed> —List of permissions
get_group_title()
Gets the title for a permission group
public
static get_group_title(string $group) : string
Returns the display title for a permission group or an empty string if not set.
Parameters
- $group : string
-
The permission group name
Return values
string —The group title or empty string if not set
get_groups()
Gets the list of all permission groups with titles
public
static get_groups() : array<string|int, mixed>
Returns an array of all permission groups that have titles set.
Return values
array<string|int, mixed> —Array of group titles indexed by group name
get_user_permissions()
Gets user permissions
public
static get_user_permissions() : array<string|int, mixed>
Return values
array<string|int, mixed> —User permissions
is_exclusive_group()
Checks if a group is exclusive
public
static is_exclusive_group(string $group) : bool
Determines whether a permission group is exclusive (only one permission can be active at a time).
Parameters
- $group : string
-
The permission group name
Return values
bool —True if the group is exclusive, false otherwise
set()
Sets permissions for a group Does not set user permissions!
public
static set(string $group, array<string|int, mixed> $permissions[, string|bool $group_name = false ][, bool $exclusive = false ]) : void
This method defines permissions for a specific group. When a permission is set, the current user's permission is initially set to false. The user management system will later activate the permissions granted to the user.
Parameters
- $group : string
-
The permission group name
- $permissions : array<string|int, mixed>
-
List of permissions as ['permission_name' => 'Title']
- $group_name : string|bool = false
-
Optional title for the permission group
- $exclusive : bool = false
-
Whether the group is exclusive (only one permission active at a time)
Tags
set_exclusive_group()
Sets a group as exclusive or non-exclusive
public
static set_exclusive_group(string $group[, bool $exclusive = true ]) : void
In exclusive groups, only one permission can be active at a time. In non-exclusive groups, multiple permissions can be active simultaneously. When a group is set as exclusive, this method ensures only one permission remains active.
Parameters
- $group : string
-
The permission group name
- $exclusive : bool = true
-
True if the group should be exclusive, false otherwise
set_group_title()
Sets the title for a permission group
public
static set_group_title(string $group, string $title) : void
If a group title is not set, it won't appear in the Auth module's permission settings. The title can also be set directly using the third parameter of set().
Parameters
- $group : string
-
The permission group name
- $title : string
-
The display title for the group
Tags
set_user_permissions()
Sets permissions for the current user
public
static set_user_permissions(string $group, array<string|int, mixed> $permissions) : void
This method assigns permission values to the current user. For exclusive groups, only one permission can be active at a time.
Parameters
- $group : string
-
The permission group name
- $permissions : array<string|int, mixed>
-
Array of permissions as ['permission_name' => true|false]