Permission Helper

XOOPS has a powerful and flexible permission system based on user group membership. The XMF Permission Helper simplifies working with these permissions, reducing complex permission checks to single method calls.

Overview

The XOOPS permission system associates groups with:

- Module ID
- Permission name
- Item ID

Checking permissions traditionally requires finding user groups, looking up module IDs, and querying the permission tables. The XMF Permission Helper handles all of this automatically.

Getting Started

Creating a Permission Helper

// For the current module
$permHelper = new \Xmf\Module\Helper\Permission();

// For a specific module
$permHelper = new \Xmf\Module\Helper\Permission('mymodule');

The helper automatically uses the current user's groups and the specified module's ID.

Checking Permissions

Does the User Have Permission?

Check if the current user has a specific permission for an item:

$permHelper = new \Xmf\Module\Helper\Permission();

// Check if user can view topic ID 42
$canView = $permHelper->checkPermission('viewtopic', 42);

if ($canView) {
    // Display the topic
} else {
    // Show access denied message
}

Check with Redirect

Automatically redirect users who lack permission:

$permHelper = new \Xmf\Module\Helper\Permission();
$topicId = 42;

// Redirects to index.php after 3 seconds if no permission
$permHelper->checkPermissionRedirect(
    'viewtopic',
    $topicId,
    'index.php',
    3,
    'You are not allowed to view that topic'
);

// Code here only runs if user has permission
displayTopic($topicId);

Admin Override

By default, admin users always have permission. To run the check for admins as well, pass false as the third parameter:

// Normal check - admins always have permission
$hasPermission = $permHelper->checkPermission('viewtopic', $id);

// Check even for admins (third parameter = false)
$hasPermission = $permHelper->checkPermission('viewtopic', $id, false);

Get Permitted Item IDs

Retrieve all item IDs that specific groups have permission for:

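// Get items the current user's groups can view
// ($xoopsUser is not an object for anonymous visitors, so fall back to the anonymous group)
$groups = is_object($GLOBALS['xoopsUser'])
    ? $GLOBALS['xoopsUser']->getGroups()
    : [XOOPS_GROUP_ANONYMOUS];
$viewableIds = $permHelper->getItemIds('viewtopic', $groups);

// Get items a specific group can view
$viewableIds = $permHelper->getItemIds('viewtopic', [XOOPS_GROUP_USERS]);

// Use in queries (an empty list would produce an invalid "IN ()" clause, so skip the query then)
if (!empty($viewableIds)) {
    $criteria = new Criteria('topic_id', '(' . implode(',', array_map('intval', $viewableIds)) . ')', 'IN');
}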

Managing Permissions

Get Groups for an Item

Find which groups have a specific permission:

$permHelper = new \Xmf\Module\Helper\Permission();

// Get groups that can view topic 42
$groups = $permHelper->getGroupsForItem('viewtopic', 42);
// Returns: [1, 2, 5] (array of group IDs)

Save Permissions

Grant permission to specific groups:

$permHelper = new \Xmf\Module\Helper\Permission();

// Allow groups 1, 2, and 3 to view topic 42
$groups = [1, 2, 3];
$permHelper->savePermissionForItem('viewtopic', 42, $groups);

Delete Permissions

Remove all permissions for an item (typically when deleting the item):

$permHelper = new \Xmf\Module\Helper\Permission();
$topicId = 42;

// Delete view permission for this topic
$permHelper->deletePermissionForItem('viewtopic', $topicId);

For multiple permission types:

// Delete multiple permission types at once
$permissionNames = ['viewtopic', 'posttopic', 'edittopic'];
$permHelper->deletePermissionForItem($permissionNames, $topicId);

Form Integration

Adding Permission Selection to Forms

The helper can create a form element for selecting groups:

$permHelper = new \Xmf\Module\Helper\Permission();

// Build your form
$form = new XoopsThemeForm('Edit Topic', 'topicform', 'save.php');

// Add title field, etc.
$form->addElement(new XoopsFormText('Title', 'title', 50, 255, $topic->getVar('title')));

// Add permission selector
$form->addElement(
    $permHelper->getGroupSelectFormForItem(
        'viewtopic',                           // Permission name
        $topicId,                              // Item ID
        'Groups with View Topic Permission'   // Caption
    )
);

$form->addElement(new XoopsFormButton('', 'submit', 'Save', 'submit'));

Form Element Options

The full method signature:

getGroupSelectFormForItem(
    $gperm_name,      // Permission name
    $gperm_itemid,    // Item ID
    $caption,         // Form element caption
    $name,            // Element name (auto-generated if empty)
    $include_anon,    // Include anonymous group (default: false)
    $size,            // Number of visible rows (default: 5)
    $multiple         // Allow multiple selection (default: true)
)

Processing Form Submission

use Xmf\Request;

$permHelper = new \Xmf\Module\Helper\Permission();
$topicId = Request::getInt('topic_id', 0);

// Get the auto-generated field name
$fieldName = $permHelper->defaultFieldName('viewtopic', $topicId);

// Get selected groups from form
$selectedGroups = Request::getArray($fieldName, [], 'POST');

// Save the permissions
$permHelper->savePermissionForItem('viewtopic', $topicId, $selectedGroups);
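
The handler above saves whatever group list is posted. The following hardened variant is an added example, not code from the XMF project: it verifies the XOOPS security token, requires the caller to hold a permission before changing permissions, and filters the posted group IDs. It assumes the form included a `XoopsFormHiddenToken` element, that the selector was built with the default `$include_anon = false`, and that `edittopic` is the permission your module uses to gate this action; the messages are placeholders.

```php
<?php
use Xmf\Request;
use Xmf\Module\Helper\Permission;

// Assumption: runs inside a XOOPS module page, after mainfile.php has been loaded.
$permHelper = new Permission();
$topicId = Request::getInt('topic_id', 0, 'POST');

// 1. Reject forged submissions. Assumes the form added a XoopsFormHiddenToken element.
if (!$GLOBALS['xoopsSecurity']->check()) {
    redirect_header('index.php', 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
}

// 2. A permission change is itself a privileged action. Gating it on 'edittopic'
//    is an assumed policy for this example; the helper does not enforce one.
if ($topicId <= 0) {
    redirect_header('index.php', 3, 'Invalid topic');
}
$permHelper->checkPermissionRedirect(
    'edittopic',
    $topicId,
    'index.php',
    3,
    'You are not allowed to change permissions for that topic'
);

// 3. Treat the posted group list as untrusted: cast to int and keep only IDs
//    of groups that exist on this site.
$fieldName = $permHelper->defaultFieldName('viewtopic', $topicId);
$submitted = array_map('intval', Request::getArray($fieldName, [], 'POST'));
$knownGroupIds = array_keys(xoops_getHandler('member')->getGroupList());
$selectedGroups = array_intersect(array_unique($submitted), $knownGroupIds);

// 4. The selector was built with $include_anon = false, so the anonymous group
//    was never offered; drop it if it shows up in the POST data anyway.
$selectedGroups = array_values(array_diff($selectedGroups, [XOOPS_GROUP_ANONYMOUS]));

$permHelper->savePermissionForItem('viewtopic', $topicId, $selectedGroups);
redirect_header('index.php', 2, 'Permissions saved');
```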

Default Field Name

The helper generates consistent field names:

$fieldName = $permHelper->defaultFieldName('viewtopic', 42);
// Returns something like: 'mymodule_viewtopic_42'

Complete Example: Permission-Protected Items

Creating an Item with Permissions

<?php
use Xmf\Request;
use Xmf\Module\Helper;
use Xmf\Module\Helper\Permission;

require_once dirname(dirname(__DIR__)) . '/mainfile.php';
require_once XOOPS_ROOT_PATH . '/header.php';

$helper = Helper::getHelper('mymodule');
$permHelper = new Permission('mymodule');

$op = Request::getCmd('op', 'form');
$itemId = Request::getInt('id', 0);

switch ($op) {
    case 'save':
        // Reject submissions that do not carry a valid XOOPS security token
        if (!$GLOBALS['xoopsSecurity']->check()) {
            redirect_header('index.php', 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        }

        // Save item data
        $handler = $helper->getHandler('items');

        if ($itemId > 0) {
            // Changing an existing item requires the edit permission
            $permHelper->checkPermissionRedirect('edit', $itemId, 'index.php', 3, 'You are not allowed to edit this item');
            $item = $handler->get($itemId);
        } else {
            $item = $handler->create();
        }

        $item->setVar('title', Request::getString('title', ''));
        $item->setVar('content', Request::getText('content', ''));

        if ($handler->insert($item)) {
            $newId = $item->getVar('item_id');

            // The form fields were named with the ID the form was built for
            // (0 for a new item), so read them with $itemId and save under $newId

            // Save view permission
            $viewFieldName = $permHelper->defaultFieldName('view', $itemId);
            $viewGroups = Request::getArray($viewFieldName, [], 'POST');
            $permHelper->savePermissionForItem('view', $newId, $viewGroups);

            // Save edit permission
            $editFieldName = $permHelper->defaultFieldName('edit', $itemId);
            $editGroups = Request::getArray($editFieldName, [], 'POST');
            $permHelper->savePermissionForItem('edit', $newId, $editGroups);

            redirect_header('index.php', 2, 'Item saved');
        }
        break;

    case 'form':
    default:
        $handler = $helper->getHandler('items');

        if ($itemId > 0) {
            // Showing the edit form for an existing item requires the edit permission
            $permHelper->checkPermissionRedirect('edit', $itemId, 'index.php', 3, 'You are not allowed to edit this item');
            $item = $handler->get($itemId);
        } else {
            $item = $handler->create();
            $itemId = 0;
        }

        $form = new XoopsThemeForm('Edit Item', 'itemform', 'edit.php');
        $form->addElement(new XoopsFormHidden('op', 'save'));
        $form->addElement(new XoopsFormHidden('id', $itemId));
        // Security token, verified in the save branch
        $form->addElement(new XoopsFormHiddenToken());

        $form->addElement(new XoopsFormText('Title', 'title', 50, 255, $item->getVar('title')));
        $form->addElement(new XoopsFormTextArea('Content', 'content', $item->getVar('content')));

        // View permission selector
        $form->addElement(
            $permHelper->getGroupSelectFormForItem('view', $itemId, 'Groups that can view')
        );

        // Edit permission selector
        $form->addElement(
            $permHelper->getGroupSelectFormForItem('edit', $itemId, 'Groups that can edit')
        );

        $form->addElement(new XoopsFormButton('', 'submit', 'Save', 'submit'));

        $form->display();
        break;
}

require_once XOOPS_ROOT_PATH . '/footer.php';

Viewing with Permission Check

<?php
use Xmf\Request;
use Xmf\Module\Helper;
use Xmf\Module\Helper\Permission;

require_once dirname(dirname(__DIR__)) . '/mainfile.php';

$helper = Helper::getHelper('mymodule');
$permHelper = new Permission('mymodule');

$itemId = Request::getInt('id', 0);

// Check view permission - redirects if denied
$permHelper->checkPermissionRedirect(
    'view',
    $itemId,
    'index.php',
    3,
    'You do not have permission to view this item'
);

require_once XOOPS_ROOT_PATH . '/header.php';

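// User has permission, display the item
$handler = $helper->getHandler('items');
$item = $handler->get($itemId);

// An admin passes the permission check even for an ID that does not exist
if (!is_object($item)) {
    redirect_header('index.php', 3, 'Item not found');
}

$xoopsTpl->assign('item', $item->toArray());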

// Show edit button only if user has edit permission
if ($permHelper->checkPermission('edit', $itemId)) {
    $xoopsTpl->assign('can_edit', true);
    $xoopsTpl->assign('edit_url', $helper->url('edit.php?id=' . $itemId));
}

require_once XOOPS_ROOT_PATH . '/footer.php';

Deleting with Permission Cleanup

<?php
use Xmf\Request;
use Xmf\Module\Helper;
use Xmf\Module\Helper\Permission;

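require_once dirname(dirname(__DIR__)) . '/mainfile.php';

$helper = Helper::getHelper('mymodule');
$permHelper = new Permission('mymodule');

$itemId = Request::getInt('id', 0);

// Only users with delete permission may remove the item
$permHelper->checkPermissionRedirect(
    'delete',
    $itemId,
    'index.php',
    3,
    'You do not have permission to delete this item'
);

// Delete the item
$handler = $helper->getHandler('items');
$item = $handler->get($itemId);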

if ($item && $handler->delete($item)) {
    // Clean up all permissions for this item
    $permissionNames = ['view', 'edit', 'delete'];
    $permHelper->deletePermissionForItem($permissionNames, $itemId);

    redirect_header('index.php', 2, 'Item deleted');
}

API Reference

| Method | Description |
| --- | --- |
| checkPermission($name, $itemId, $trueIfAdmin) | Check if user has permission |
| checkPermissionRedirect($name, $itemId, $url, $time, $message, $trueIfAdmin) | Check and redirect if denied |
| getItemIds($name, $groupIds) | Get item IDs groups can access |
| getGroupsForItem($name, $itemId) | Get groups with permission |
| savePermissionForItem($name, $itemId, $groups) | Save permissions |
| deletePermissionForItem($name, $itemId) | Delete permissions |
| getGroupSelectFormForItem(...) | Create form select element |
| defaultFieldName($name, $itemId) | Get default form field name |
