Class \Scrivo\AccessController
Class that deals with the user permissions on objects.
The AccessController class implements the fuctionality to determine user access level to objects like pages and assets.
Access rights are expressed as bit flags. There are three different access right defined:
- AccessController::READ_ACCESS: first bit set (=1)
- AccessController::WRITE_ACCESS: second bit set (=2)
- AccessController::PUBLISH_ACCESS: third bit set (=4)
It is important to note that Scrivo uses access levels internally. This means that although there are different permissions (READ_ACCESS, WRITE_ACCESS, etc.) defined they are not used indivudally: WRITE_ACCESS always implies READ_ACCESS permission (WRITE_ACCESS always means READ_ACCESS+WRITE_ACCESS, PUBLISH_ACCESS always means READ_ACCESS+WRITE_ACCESS+PUBLISH_ACCESS).
This means that when you retrieve a permission you are guaranteed to retrieve one of the values (0, 1, 3 or 7). Using bit flags might suggest otherwise, but note that other combinations are not possible.
This also means that you can use either bitwise operations or comparison when checking a permission:
if (AccessController::getPermission($aContext, $anObjectId) >= AccessController::ACCESS_LEVEL_READ) { ... }
is equivalent to:
if (AccessController::getPermission($aContext, $anObjectId) & AccessController::ACCESS_LEVEL_READ) { ... }
Note that AccessController::checkPermission(...) is probably easier to use.
Another feature is that Scrivo users are differentiated into three catagories which limits the range of atainable permissions:
- Members (Users::STATUS_MEMBER), these users represent the group of users that visit the actual site: Their users access levels can only be one of NO_ACCESS or READ_ACCESS.
- Editors (Users::STATUS_EDITOR), the users that login in to do editing work Scrivo: These users have access level can range from READ_ACCESS to PUBLISH_ACCESS.
- Super users (Users::STATUS_ADMIN), users that can access everything. These users always have PUBLISH_ACCESS.
In other words members can read what they are allowed to but never write, editors can write (and possibly publish) what they are allowed to and always read and admins can do everthing.
For a description of Scrivo user see the Scrivo::User class and to see how access rights are granted to users see the Scrivo::Role class.
Defined in: AccessController.php.
| Name | Description |
|---|---|
| PUBLISH_ACCESS | Bit flag that indicates that the user has publiser rights. |
| READ_ACCESS | Bit flag that indicates that the user has read access. |
| WRITE_ACCESS | Bit flag that indicates that the user has write access. |
| Attr. | Type | Name / Description |
|---|---|---|
| public static | boolean |
checkPermission($context, $perm, $objectId) Check the permission of a user on an object (page or asset). |
| public static | int |
getPermission($context, $objectId) Get the permission of a user on an object (page or asset). |
| public static | int[] |
getPermissionsOnAssets($context, $parentId) Get the permissions of a user on a set of assets. |
| private static | int[] |
getPermissionsOnObjects($context, $queryParts, $parentId) Get the permissions on a series of objects for a given user. |
| public static | int[] |
getPermissionsOnPages($context, $parentId) Get the permissions of a user on a set of pages. |
Constants
- PUBLISH_ACCESS
-
Bit flag that indicates that the user has publiser rights.
Value: 4
View source: AccessController.php line 110.
- READ_ACCESS
-
Bit flag that indicates that the user has read access.
Value: 1
View source: AccessController.php line 100.
- WRITE_ACCESS
-
Bit flag that indicates that the user has write access.
Value: 2
View source: AccessController.php line 105.
Methods
- public static boolean checkPermission(\Scrivo\Context $context, int $perm, int $objectId=null)
-
Check the permission of a user on an object (page or asset).
Note that a valid user and object id are assumed. Invalid user ids will raise an exception but invalid object ids are accepted and the given permission will then be the checked against the minimum access permission for the given user.
Parameters:
Type Name Def. Description \Scrivo\Context $context A connection to a Scrivo database.
int $perm The permission to test (READ_ACCESS || WRITE_ACCESS || PUBLISH_ACCESS)
int $objectId null A valid object id of a page or asset.
Returns:
boolean Check the permission of a user on an object (page or asset).
View source: AccessController.php line 128.
- public static int getPermission(\Scrivo\Context $context, int $objectId=null)
-
Get the permission of a user on an object (page or asset).
Note that a valid user and object id are assumed. Invalid user ids will raise an exception but invalid object ids are accepted and assigned the minimum access permission for the given user.
Parameters:
Type Name Def. Description \Scrivo\Context $context A connection to a Scrivo database.
int $objectId null A valid object id of a page or asset.
Returns:
int Get the permission of a user on an object (page or asset).
View source: AccessController.php line 152.
- public static int[] getPermissionsOnAssets(\Scrivo\Context $context, int $parentId=-1)
-
Get the permissions of a user on a set of assets.
You can either get the permissions of the user on all assets or retrieve them for all assets in a folder (not recursive) that is identified by the optional parent id.
Parameters:
Type Name Def. Description \Scrivo\Context $context A connection to a Scrivo database.
int $parentId -1 An optional parent id to make a subselection of pages.
Returns:
int[] Get the permissions of a user on a set of assets.
View source: AccessController.php line 374.
- private static int[] getPermissionsOnObjects(\Scrivo\Context $context, string[] $queryParts, int $parentId=-1)
-
Get the permissions on a series of objects for a given user.
Parameters:
Type Name Def. Description \Scrivo\Context $context A connection to a Scrivo database.
string[] $queryParts An array that contains SQL fragments to do the proper select statments for the given case.
int $parentId -1 An optional parent id to use in the selection of the objects.
Returns:
int[] Get the permissions on a series of objects for a given user.
View source: AccessController.php line 231.
- public static int[] getPermissionsOnPages(\Scrivo\Context $context, int $parentId=-1)
-
Get the permissions of a user on a set of pages.
You can either get the permissions of the user on all pages or retrieve them for all pages directly underneath (not recursive) the page that is identified by the optional parent id.
Parameters:
Type Name Def. Description \Scrivo\Context $context A connection to a Scrivo database.
int $parentId -1 An optional parent id to make a subselection of pages.
Returns:
int[] Get the permissions of a user on a set of pages.
View source: AccessController.php line 331.
Documentation generated by phpDocumentor 2.0.0a12 and ScrivoDocumentor on August 29, 2013
