HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Custom Permission

Hi, Is There any specific way to create our custom permissions.Kindly help!


  • Options
    sparrowhawk66sparrowhawk66 Kraków New

    What do you mean?
    There is a good permission grid for categories and users or you can create custom users with custom permissions. What do you want to achieve?

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    I assume you like to define permissions for your plugin and you want to know how to add them? You can simply do so by namig them in the PluginsInfo array / the addon.json

    There is a snippet in the docs about that: https://docs.vanillaforums.com/developer/addons/addon-quickstart/#define-new-permissions

    You can also look at the Pockets plugin for an example:

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    Are you allowed to share what you are working on? I'm just super curious! =)

  • Options

    Actually I am creating my own application.
    Here is my controller code--
    $userCategories = $this->categoryService->getCategories(['followed'=>true]);

        if ($this->userType === 'Login' && empty($userCategories)) {
            // Permission Failed
            return redirectTo('/landing');

    So i want to made a custom permission for this types of restrictions, Some other frameworks provides middlewares types of functionalities for such operations, So I want to know how can we handle this in vanilla.

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    I would be something like that in the addon.json:

        "registerPermissions": {
            "Plugins.MyAddon.View" => 1,
            "Plugins.MyAddon.Manage" => 0,

    And in your controller you would be able to handle this like that:

    public function vanillaController_myAddon_create($sender) {
        // This will throw a permission exception if the session user or to be more precise: his role, doesn't have this permission.
        // See class.controller.php->permission() for more information
        // Or you can handle the result of the check by yourself.
        // You can specify an array of permissions and either require all permissions or any of them
        // The checkPermission function is a shortcut for  Gdn::session()->checkPermission(). See there for more info
        if (!checkPermission('Plugins.MyAddon.Manage')) {

    By the way: I'm pretty sure you need to write only redirectToand not return redirectTo

  • Options

    I am little bit confused now, Where can we set criteria for this 'Plugins.MyAddon.View' to be true. Is there any way where we can set the definition for this permission?

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    That's the first part of my posting and it is explained in the docs. You simply add the permissions you would like to use to your addon.json file. When the plugin is enabled, all the plugins under the registerPermissions key are created automatically.

    If you change the addon.json during development, you need to delete /cache/addons.php in order to force Vanilla to parse the plugin information again.

    You can give default values to this permissions`, see the docs for that.

    After you have enabled your plugin, you can see those permissions in the user roles section in the dashboard.

Sign In or Register to comment.