Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

[Writing Extensions] Setting up Permissions

edited July 2007 in Vanilla 1.0 Help
I'm branching off from the Who's Online discussion, only because I want to expand the idea over a few different extensions that I plan on building/mod'ing.

However, at the current moment, I am mod'ing the Who's Online extension so that it only shows for those who have their permissions set up to do so. Mainly, the administrators. Currently, this is what Who's Online looks like, with my modifications:
$Context->Dictionary["MenuOptions"] = "Menu Options"; $Context->Dictionary["HideWhosOnline"] = "Hide the \"Who's Online\" panel"; $Context->Dictionary["Phantom"] = "Hide my username from the \"Who's Online\" panel"; $Context->Dictionary['PERMISSION_SEE_WHOS_ONLINE'] = "See \"Who's Online\" panel"; // Default permissions $Context->Configuration['PERMISSION_SEE_WHOS_ONLINE'] = '0'; if ( $Context->Session->UserID > 0 && $Context->Session->User->Permission('PERMISSION_SEE_WHOS_ONLINE') ) { // extension code that adds list to the panel goes here } class WhosOnline { var $Name; var $Context;
Basically, the goal is to add a permission to an existing extension. I'd like to do the same thing with the Discussion Filters Extension as well as the Side Panel Extension, which I am hoping to combine with a ajax-shoutcast-like chat with.

BUT -- Getting this permissions thing underwraps is the only thing stopping me from doing what I need. The above code does not effect the extension. I can see it no matter if I have I have the permission set or not.

What am I doing wrong?

Comments

  • Options
    Am I asking for something that is totally out of the question?
  • Options
    Only extension that I know of that uses permissions is Attachments 2.0. Will peek around in that and see what can be done.

    ::Ponders another meta-extension that could easily add permissions to any extension::
  • Options
    edited October 2006
    Sorry this took so long, finally had a chance to test this out... you were so close its not even funny.

    Here is what you need to do:

    Cut this line out of the top of the extension and into your clipboard:
    if ( $Context->Session->UserID > 0 && $Context->Session->User->Permission('PERMISSION_SEE_WHOS_ONLINE') ) {
    and delete the two lines below it. (the comment and the closing curly brace)

    Scroll down until you see this line $WhosOnline = $Context->ObjectFactory->NewContextObject($Context, "WhosOnline");
    (it should be around line 145)

    Paste from the clipboard before that line.


    Remove the close curly brace from line 11

    and finally, scroll all the way to the bottom, and type a close curly brace } on the line before the ?>
  • Options
    Awwww yeaaahhh!!!

    That worked perfectly. Thank you so much WallPhone. Now I can start building the other extensions that I need. Eventually... when I can find time. Now that I know how to do it, I'm swamped with other crap : )
  • Options
    I did this and got it working pretty easy. However, I changed the name of the PERMISSION and I now notice that the plugin has left some, rather ugly looking, options in the Roles & Permissions area. (Note: this also happens when you simply disable the plugin)

    bad permissions setup

    Is there a way to "clear" these when you're plugin is deactivated? Perhaps the permissions page should hide options from view if it can't find a translation string (thus leaving the value at default with a hidden input or something.)
  • Options
    It looks like the permissions are saved in the LUM_Role table. Its a bit tough to fix (not a simple SQL query) because most permissions are lumped together in one field.

    At least its in the role table, with 3-6 rows instead of the user table...
  • Options
    Oh, yeah, I have no doubt it's a serialized array/object in the roles table. I'm just curious if this issue has come up before and how it can be dealt with -- or if I need to come up with something in particular to deal with it.
  • Options
    edited December 2006
    You can at least make then look nicer by adding them to your language definitions.php.

    For example:
    $Context->Dictionary['PERMISSION_ALLOW_DEBUG_INFO'] = 'Can view debug info';
  • Options
    I dont think thats his problem - I think he knows how to do it but he changed the actual permission index and the old ones have been left in which are now redundant. The same thing happens when you disable extensions - the preferences/permissions/whatever arent cleaned up. Mark knows about it but i think he was having difficulty working out the best way to deal with it.
  • Options
    I think something along the lines of
    if( empty(Permissions[$perm]) ) { // don't display, but keep the variable set as a hidden element } else { //normal display }

    That way, if an extension is disabled or changes, the old settings still stick around (in case it is only a temporary enabling) but you don't have the uglies shoved in your face. Can you see any problem with that?
  • Options
    The extension I've been working on adds permissions, so I have this issue as well. I ended up doing a hack that removes the associated permission keys when the extension is disabled (after a temporary manual change to appg/init_ajax.php). If anyone wants to use this code in their extension, or to write a generic permission-removal tool, feel free:

    // Function to remove a permission key from a role in the database. function RemovePermissionKeyFromRole($Role, $Permission = ""){ if (array_key_exists($Permission,$Role->Permissions)){ unset($Role->Permissions[$Permission]); } } // Function to save just the permissions of a role to the database. function SaveRolePermissions($Context,$Role){ $Role->FormatPropertiesForDatabaseInput(); // Build a custom query to replace the role permissions. $Query = $Context->ObjectFactory->NewContextObject($Context, 'SqlBuilder'); $Query->SetMainTable('Role','r'); $Query->AddFieldNameValue('Permissions',$Role->Permissions); $Query->AddWhere('r','RoleID','',$Role->RoleID,'='); // Update the database and report errors if necessary. $RowCount = $Context->Database->Update($Query,'XX','RemovePermissionKey', $Context->GetDefinition('XX_ErrorRemovingPermissions')); if ($RowCount != 1){ $Context->WarningCollector->Add( $Context->GetDefinition('XX_ErrorRemovingPermissions')); } } // This function removes a particular permission key and value from // all roles that contain it, and saves the modified roles back to the // database. function RemovePermissionFromAllRoles($Context, $Permission) { $RoleManager = $Context->ObjectFactory->NewContextObject($Context, 'RoleManager'); $RoleData = $RoleManager->GetRoles(); while ($Row = $Context->Database->GetRow($RoleData)){ $Role = $Context->ObjectFactory->NewContextObject($Context, 'Role'); $Role->Clear(); $Role->GetPropertiesFromDataSet($Row); // Modify the role only if it contains the permission key. if (array_key_exists($Permission,$Role->Permissions)){ RemovePermissionKeyFromRole($Role, $Permission); SaveRolePermissions($Context,$Role); } } }
This discussion has been closed.