MilkCore

Permissions
in package

Permission Management System

This class manages all permissions used throughout the system. It sets up permission groups and handles user permission checks. By default, users have access to everything unless explicitly restricted.

The permission system works by first blocking all access and then enabling only the specific permissions granted to the user.

Special permission groups (see autoload.php):

  • _user: A conventional group for managing administrators and guests outside the Auth module
  • _user.is_admin: Administrator user flag
  • _user.is_guest: Guest user flag (if false, the user is logged in)
  • _user.is_authenticated: Logged in user flag (alias of !is_guest, returns true if user is logged in)
Tags
example
// Check if user is a guest
if (Permissions::check('_user.is_guest')) {
    // Handle guest user
}

// Check if user is logged in (Method 1)
if (!Permissions::check('_user.is_guest')) {
    // Handle logged-in user
}

// Check if user is logged in (Method 2 - more intuitive)
if (Permissions::check('_user.is_authenticated')) {
    // Handle logged-in user
}

// Check if user is an administrator
if (Permissions::check('_user.is_admin')) {
    // Handle administrator
}

Table of Contents

Properties

$exclusive_groups  : array<string|int, mixed>
Groups with exclusive permissions
$group_title  : array<string|int, mixed>
Titles for permission groups
$permissions  : array<string|int, mixed>
List of all permission definitions in the system
$user_permissions  : array<string|int, mixed>
Current user's active permissions

Methods

check()  : bool
Checks if the current user has permission for a specific action
check_json()  : void
Generate a standardized JSON error response for permission denied
get()  : array<string|int, mixed>
Gets permissions for a group or all permissions if no group is specified Does not return user permissions!
get_group_title()  : string
Gets the title for a permission group
get_groups()  : array<string|int, mixed>
Gets the list of all permission groups with titles
get_user_permissions()  : array<string|int, mixed>
Gets user permissions
is_exclusive_group()  : bool
Checks if a group is exclusive
set()  : void
Sets permissions for a group Does not set user permissions!
set_exclusive_group()  : void
Sets a group as exclusive or non-exclusive
set_group_title()  : void
Sets the title for a permission group
set_user_permissions()  : void
Sets permissions for the current user

Properties

$exclusive_groups

Groups with exclusive permissions

public static array<string|int, mixed> $exclusive_groups = []

In exclusive groups, only one permission can be active at a time. Format: ['group_name' => true]

$group_title

Titles for permission groups

public static array<string|int, mixed> $group_title = []

This array stores display titles for permission groups. If a group doesn't have a title, it won't appear in the Auth module's permission settings.

$permissions

List of all permission definitions in the system

public static array<string|int, mixed> $permissions = []

This array stores all defined permissions organized by group. Format: ['group_name' => ['permission_name' => 'Permission Title']]

$user_permissions

Current user's active permissions

public static array<string|int, mixed> $user_permissions = []

This array stores the current user's permission states (true/false). Format: ['group_name' => ['permission_name' => true|false]]

Methods

check()

Checks if the current user has permission for a specific action

public static check(string $permission) : bool

This is the main method for permission verification throughout the application. Permission format is 'group.permission_name' (e.g., 'auth.manage').

Special cases:

  • If the user has '_user.is_admin' permission, all checks return true
  • '_user.is_guest' can be checked to determine if the user is a guest
  • '_user.is_authenticated' can be checked to determine if the user is logged in (alias of !is_guest)
Parameters
$permission : string

Permission in format 'group.permission_name'

Tags
example
// Check if user can manage users
if (Permissions::check('auth.manage')) {
    // User can manage users
}

// Check if user is an administrator
if (Permissions::check('_user.is_admin')) {
    // User is an administrator
}

// Check if user is logged in
if (Permissions::check('_user.is_authenticated')) {
    // User is logged in
}
Return values
bool

True if the user has the permission, false otherwise

check_json()

Generate a standardized JSON error response for permission denied

public static check_json(mixed $permission[, string $custom_message = '' ]) : void
Parameters
$permission : mixed
$custom_message : string = ''

Optional custom message to customizations default

Return values
void

Outputs JSON response and exits

get()

Gets permissions for a group or all permissions if no group is specified Does not return user permissions!

public static get([string $group = '' ]) : array<string|int, mixed>

This method returns the permissions for a specific group or all permissions if no group is specified.

Parameters
$group : string = ''

Optional group name

Tags
example
// Get all

$all_permissions = Permissions::get();
// Get permissions for the 'auth' group
$auth_permissions = Permissions::get('auth');
Return values
array<string|int, mixed>

List of permissions

get_group_title()

Gets the title for a permission group

public static get_group_title(string $group) : string

Returns the display title for a permission group or an empty string if not set.

Parameters
$group : string

The permission group name

Return values
string

The group title or empty string if not set

get_groups()

Gets the list of all permission groups with titles

public static get_groups() : array<string|int, mixed>

Returns an array of all permission groups that have titles set.

Return values
array<string|int, mixed>

Array of group titles indexed by group name

get_user_permissions()

Gets user permissions

public static get_user_permissions() : array<string|int, mixed>
Return values
array<string|int, mixed>

User permissions

is_exclusive_group()

Checks if a group is exclusive

public static is_exclusive_group(string $group) : bool

Determines whether a permission group is exclusive (only one permission can be active at a time).

Parameters
$group : string

The permission group name

Return values
bool

True if the group is exclusive, false otherwise

set()

Sets permissions for a group Does not set user permissions!

public static set(string $group, array<string|int, mixed> $permissions[, string|bool $group_name = false ][, bool $exclusive = false ]) : void

This method defines permissions for a specific group. When a permission is set, the current user's permission is initially set to false. The user management system will later activate the permissions granted to the user.

Parameters
$group : string

The permission group name

$permissions : array<string|int, mixed>

List of permissions as ['permission_name' => 'Title']

$group_name : string|bool = false

Optional title for the permission group

$exclusive : bool = false

Whether the group is exclusive (only one permission active at a time)

Tags
example
// Define permissions for the 'auth' group
Permissions::set('auth', [
    'manage' => 'Manage Users',
    'delete' => 'Delete Users'
], 'Authentication', false);

set_exclusive_group()

Sets a group as exclusive or non-exclusive

public static set_exclusive_group(string $group[, bool $exclusive = true ]) : void

In exclusive groups, only one permission can be active at a time. In non-exclusive groups, multiple permissions can be active simultaneously. When a group is set as exclusive, this method ensures only one permission remains active.

Parameters
$group : string

The permission group name

$exclusive : bool = true

True if the group should be exclusive, false otherwise

set_group_title()

Sets the title for a permission group

public static set_group_title(string $group, string $title) : void

If a group title is not set, it won't appear in the Auth module's permission settings. The title can also be set directly using the third parameter of set().

Parameters
$group : string

The permission group name

$title : string

The display title for the group

Tags
example
Permissions::set_group_title('auth', 'Authentication');

set_user_permissions()

Sets permissions for the current user

public static set_user_permissions(string $group, array<string|int, mixed> $permissions) : void

This method assigns permission values to the current user. For exclusive groups, only one permission can be active at a time.

Parameters
$group : string

The permission group name

$permissions : array<string|int, mixed>

Array of permissions as ['permission_name' => true|false]

Tags
example
// Set user permissions for the 'auth' group
Permissions::set_user_permissions('auth', [
    'manage' => true,
    'delete' => false
]);

        
On this page

Search results