Milk Admin

Permissions Class Documentation

This documentation provides a detailed overview of the Permissions class and its functions.

Introduction

The Permissions class manages permissions within the system. It allows defining and verifying permissions for different users.

By default, there is only one group _user which has two permissions assigned: is_admin and is_guest.
If is_guest is false, then the user is logged into the site. By default, if the auth module is not enabled, all users are administrators.


if (Permissions::check('_user.is_guest')) {
        // The user is a guest
}
if (Permissions::check('_user.is_authenticated')) {
        // The user is logged in
}
if (Permissions::check('_user.is_admin')) {
        // The user is an administrator
}

Main Functions

set($group, $permissions, $group_name = null, $exclusive = false)

Sets permissions for a group. If the group is exclusive, only one permission can be active at a time.


Permissions::set('auth', [
    'manage' => 'User Management',
    'delete' => 'User Deletion'
]);
        

get($group = '')

Returns permissions for a specific group or all permissions if no group is specified.


$all_permissions = Permissions::get();
$auth_permissions = Permissions::get('auth');
        

setGroupTitle($group, $title)

Sets the title for a permission group. If the title is not set, it won't appear among the permissions to be set in the Auth module. The title can be set directly using the third parameter of set($group, $permissions, $group_name)


Permissions::setGroupTitle('auth', 'Authentication');
        

getGroupTitle($group)

Returns the title of a permission group.


$auth_title = Permissions::getGroupTitle('auth');
        

getGroups()

Returns the list of permission groups.


$groups = Permissions::getGroups();
        

check($permission)

Checks if the user has permission for a specific action.


$has_permission = Permissions::check('auth.manage');
        
Important: Before calling Permissions::check() in the module's configure() method, ensure the user has been initialized by calling Get::make('Auth'); first. Without this initialization, the system will treat the user as an administrator by default.

// In module configure() method
protected function configure($rule): void
{
    // Initialize the authenticated user first
    Get::make('Auth');

    // Now it's safe to check permissions
    if (!Permissions::check('mymodule.access')) {
        // Permission denied
    }
}
        

checkJson($permission)

Checks if the user has permission for a specific action and outputs a JSON response if the user does not have permission.

Permissions::checkJson('auth.manage');
// user has permission to manage users

setUserPermissions($group, $permissions)

Sets permissions for a user. If the group is exclusive, only one permission can be active at a time.


Permissions::setUserPermissions('auth', [
    'manage' => true,
    'delete' => false
]);
        

Exclusive Groups Management

setExclusiveGroup($group, $exclusive = true)

Sets a group as exclusive or non-exclusive. If a group is exclusive, only one permission within the group can be active at a time. By default, groups are non-exclusive (allowing multiple active permissions simultaneously).


// Set a group as exclusive
Permissions::setExclusiveGroup('access_level', true);

// Set a group as non-exclusive (default)
Permissions::setExclusiveGroup('features', false);
        

isExclusiveGroup($group)

Checks if a group is exclusive.


$is_exclusive = Permissions::isExclusiveGroup('access_level');
        

Usage Examples

Configuring Groups with Exclusive Permissions

When a group is set as exclusive, only one permission can be active at a time. This is useful for roles or access levels.


// Configure an exclusive permission group for access levels
Permissions::setGroupTitle('access_level', 'Access Level');
Permissions::setExclusiveGroup('access_level', true);
Permissions::set('access_level', [
    'view' => 'View Only', 
    'edit' => 'Edit', 
    'manage' => 'Full Management'
]);

// Assign a specific access level to the user
// Only the first true permission will be considered active
Permissions::setUserPermissions('access_level', [
    'view' => false, 
    'edit' => true, 
    'manage' => true
]);
// Result: only 'edit' will be active, 'manage' will be disabled
        

Configuring Groups with Non-Exclusive Permissions (Default)

By default, groups are non-exclusive, allowing multiple permissions to be active simultaneously. This is useful for features or modules.


// Configure a non-exclusive permission group for features
Permissions::setGroupTitle('modules', 'Modules');
// No need to call set_exclusive_group since groups are non-exclusive by default
Permissions::set('modules', [
    'users' => 'User Management',
    'content' => 'Content Management',
    'settings' => 'Settings'
]);

// Assign multiple permissions to the user
Permissions::setUserPermissions('modules', [
    'users' => true,
    'content' => true,
    'settings' => false
]);
// Result: both 'users' and 'content' will be active, 'settings' will be disabled
        
Loading...