Build a module : Permissions

Top of Page

Once one module is installed, the permission "access" is available in the Settings > Uses & Roles > Role Edit panel.

For example, if we edit the "Editor" role, we see for the Demo module : 

The Demo module has no permissions set in its config.php file.
In this case, only the action "access" is available.
If that point isn't clear, read : Using Ionize & Editing Content > Permissions for more info about permissions. 

In this example, the role "Editor" hasn't access to the module "Demo Module".
That means the role "Editor" will not :

  • See the module's icon on the dashboard
  • Can't access to the admin panel of the module (if the module has one) 

Add custom permissions to one moduleTop of Page

To add other permissions than the default one "access", you will need to edit the file config/config.php of the module.

Let's edit the config file of the Demo module and add the lines concerning the resources :

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

$config['module']['demo'] = array
(
'module' => "Demo",
'name' => "Demo Module",
'description' => "Author Demo module. Manage articles's authors.<br/>This module is one Demo module, based on the tutorial available on: http://doc.ionizecms.com/en/tutorials",
'author' => "Partikule",
'version' => "1.1",

'uri' => 'demo',
'has_admin'=> TRUE,
'has_frontend'=> TRUE,

// Array of resources
'resources' => array(
// Authority::can('access', 'module/demo/my_resource')
'my_resource' => array(
'title' => 'My Demo Module Resource'
),
),
);

return $config['module']['demo'];

Let's have a look at the backend panel : Settings > Users & Roles > Role Edition.

We see that the resource we setup in the config file has been added to the available resources for the Demo module :

Ionize module's custom permission

Use the custom permission in codeTop of Page

Permissions are checked with one unique static class : Authority.

Authority can be used in controllers, models, views.

We will build one very simple example.
Edit the Demo module view views/admin/demo.php and add the code from line 14 to 21 :

<div id="maincolumn">

<h2 class="main demo"><?php echo lang('module_demo_title'); ?></h2>

<div class="main subtitle">

<!-- About this module -->
<p class="lite">
<?php echo lang('module_demo_about'); ?>
</p>

</div>

<?php if (Authority::can('access', 'module/demo/my_resource')) :?>

<a class="button light">
<i class="icon plus"></i>
Can access to this button
</a>

<?php endif ;?>

<!-- Will contains the authors list -->
<div id="moduleDemoAuthorsList"></div>
</div>

<script type="text/javascript">

// Init the panel toolbox is mandatory
ION.initModuleToolbox('demo','demo_toolbox');

// Update the authors list
ION.HTML(
'module/demo/author/get_list', // URL to the controller
{}, // Data send by POST. Nothing
{'update':'moduleDemoAuthorsList'} // JS request options
);

</script>

Now, if you login with one user which has one role who doesn't have access to the resource your creates, he will not see the button.

More actions, more flexibilityTop of Page

We will add other actions to the resource we created in the config.php file.

Edit the modules/Demo/config/config.php file and modify the "resource" entry so it looks like :

   // Array of resources
'resources' => array(
'my_resource' => array(
'title' => 'My Demo Module Resource',
'actions' => 'edit,save,delete'
),
),

This added 3 actions and made them checkable in the Settings > Users & Roles > Role Edition panel :

Ionize module permission actions

To use them in controller, models or views :

if (Authority::can('edit', 'module/demo/my_resource))
{
// ...
}

Add one child resource and display it as child of one resource in the backend permission tree

   // Array of resources
'resources' => array(
'my_resource' => array(
'title' => 'My Demo Module Resource',
'actions' => 'edit,save,delete'
),
// Resource as child
'my_resource/one_child_resource' => array
(
// Parent of the module's ressource in the resources tree
'parent' => 'my_resource',
'title' => 'One Child Resource',
'actions' => 'action_1',
),
),

This adds the resource "my_resource/one_child_resource" as child of the resource my_resource :

Ionize module permissions more actions

To use them in controller, models or views :

// the default "access" action :
if (Authority::can('access', 'module/demo/my_resource/one_child_resource))
{
// ...
}

// the added "action_1" action
if (Authority::can('action_1', 'module/demo/my_resource/one_child_resource))
{
// ...
}