Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to set Permission for own Applications

renepennerrenepenner
edited February 2010 in Vanilla 2.0 - 2.8
Hi ...

today i try a deeper look into the Permissionmodel of Garden and i´m not sure if it´s possible to set Permissions for my own Application, because there are "hardcoded" columnnames of the permission table. Is it possible to add a permission
e.g.:

MyApplication.myController.Add
MyApplication.myController.Edit
MyApplication.myController.Delete
...

My thar is a good way to to this ... than let my now;)

LG
René

Comments

  • lucluc ✭✭
    Just look at how vanilla or conversation is doing it. They use the permissionmodel from garden.
  • renepennerrenepenner
    ok i try this:

    $PermissionModel = Gdn::PermissionModel();
    $PermissionModel->Database = $Database;
    $PermissionModel->SQL = $SQL;

    $PermissionModel->Define(array(
    'CichlidWiki.Settings.Manage',
    'CichlidWiki.Genus.Add',
    'CichlidWiki.Genus.Edit',
    'CichlidWiki.Genus.Delete'
    ));


    And it run!!

    realy realy cool permissionmodel! You have to wirte a Documentation ;)
  • LouisLouis
    edited February 2010
    @Mark Yes, you really need to document either Permissions or the magic behind data models -- I can't get this kind of code to work, it never modifies the table to add my permission in PermissionModel's Define, and I've no idea why. Here's my structure.php which I'm running via /utility/structure/digitalmedia 
    <?php if (!defined('APPLICATION')) exit();

    if (!isset($Drop))
       $Drop = FALSE;

    if (!isset($Explicit))
       $Explicit = TRUE;

    $SQL = $Database->SQL();

    $PermissionModel = Gdn::PermissionModel();
    $PermissionModel->Database = $Database;
    $PermissionModel->SQL = $SQL;

    // Define some global vanilla permissions.
    $PermissionModel->Define('DigitalMedia.Lab.Time');

    // Make sure that User.Permissions is blank so new permissions for users get applied.
    // $SQL->Update('User', array('Permissions' => ''))->Put();
    Oh and you might also note that $SQL is missing from the default structure.php in skeleton, as is $construct.

    I'm also confused--do I have to add the permission to RegisterPermissions in about.php for my app? I haven't tried that yet, but if so, why doesn't Vanilla?

    Anyway, the above code gives the following error:

    Fatal Error in Gdn_DatabaseDebug.Query();

    Unknown column 'DigitalMedia.Lab.Time' in 'field list'
    update GDN_Permission Permission set
    `DigitalMedia.Lab.Time` = :DigitalMediaLabTime
    where RoleID = :RoleID and JunctionTable is null and JunctionColumn is null

    where the key backtrace lines are:

    [/home/simplerca/dm.lsta.me/applications/garden/models/class.permissionmodel.php:43] Gdn_SQLDriver->Replace();
    [/home/simplerca/dm.lsta.me/applications/digitalmedia/settings/structure.php:27] Gdn_PermissionModel->Define();

    Line 43 of PermissionModel says: $this->SQL->Replace('Permission', $this->_Backtick($DefaultPermissions), array('RoleID' => 0, 'JunctionTable' => $JunctionTable, 'JunctionColumn' => $JunctionColumn));
  • LouisLouis
    edited February 2010
    @Mark @luc @renepenner -- Wow, permissions are dead simple. I just changed 'RegisterPermissions' in my app's about.php to an array of the permissions options I wanted, and it worked after disabling and enabling the app, with seemingly no further hacks needed.

    This doesn't change how PermissionModel was failing me (above), but at least I have an easy option that works. For each permission in the array, the Roles edit screen will create an HTML table based on the dot-separated hierarchy: 
    'RegisterPermissions' => array('AppName.Row.Column1','AppName.Row.Column2')
    My only question now, is can we use spaces? Or are underscores converted to spaces? I guess I'll have to try it and find out...
  • LouisLouis
    edited February 2010
    Okay, forget the TableName stuff above, it seems the Roles edit page will show only tables for enabled apps--which means the first part of your permssion has to map the app's name string or it won't be shown. It will, however, get added to the database, even if not shown on the Roles page. It does seem as if -- as long as PDO allows a table column with spaces in it, you can put spaces in your second or third part of the permissions and those spaces will be preserved and output in the Roles table. But it looks kind of odd if you use more than one short word ...
  • LouisLouis
    DON'T USE SPACES -- discovered the hard way that PDO doesn't like em. Simple fix, delete the column.

    I would suggest that underscores be converted to spaces when presenting the application name or permission name, etc. Alternatively, if these app/column names are passed through translation, I could imagine the conversion being performed there instead.
Sign In or Register to comment.