Permissions

Managing user roles and access control in the Gold Standard Module.

Overview

The Gold Standard Module integrates with XOOPS's group-based permission system while adding module-specific permissions for fine-grained access control.

flowchart TB
    subgraph "Permission Hierarchy"
        A[Global Admin] --> B[Module Admin]
        B --> C[Content Manager]
        C --> D[Author]
        D --> E[Registered User]
        E --> F[Anonymous]
    end

Permission Types

Global Permissions

| Permission | Description | Default Groups |
|---|---|---|
| module_access | Access the module | All |
| module_admin | Access admin panel | Webmasters |

Content Permissions

| Permission | Description | Default Groups |
|---|---|---|
| article_view | View published articles | All |
| article_view_draft | View draft articles | Authors, Admins |
| article_create | Create new articles | Registered, Authors |
| article_edit_own | Edit own articles | Authors |
| article_edit_any | Edit any article | Editors, Admins |
| article_delete_own | Delete own articles | Authors |
| article_delete_any | Delete any article | Admins |
| article_publish | Publish articles | Editors, Admins |

Category Permissions

| Permission | Description | Default Groups |
|---|---|---|
| category_view | View category | All |
| category_submit | Submit to category | Registered |
| category_moderate | Moderate category | Moderators |

Comment Permissions

| Permission | Description | Default Groups |
|---|---|---|
| comment_view | View comments | All |
| comment_post | Post comments | Registered |
| comment_edit_own | Edit own comments | Registered |
| comment_moderate | Moderate all comments | Moderators |

Setting Permissions

Via Admin Panel

  1. Navigate to Admin → Modules → Gold Standard
  2. Click Permissions
  3. Select permission type (Global, Categories, etc.)
  4. Check/uncheck groups for each permission
  5. Click Save

Permission Matrix

flowchart LR
    subgraph "Permission Matrix"
        direction TB
        P1[View] --> G1[Anonymous ✓]
        P1 --> G2[Registered ✓]
        P1 --> G3[Admin ✓]

        P2[Create] --> G1a[Anonymous ✗]
        P2 --> G2a[Registered ✓]
        P2 --> G3a[Admin ✓]

        P3[Delete] --> G1b[Anonymous ✗]
        P3 --> G2b[Registered ✗]
        P3 --> G3b[Admin ✓]
    end

Via Code

use Xmf\Module\Helper\Permission;

$permHelper = new Permission('goldstandard');

// Check permission
if ($permHelper->checkPermission('article_create')) {
    // User can create articles
}

// Check category permission
if ($permHelper->checkPermission('category_submit', $categoryId)) {
    // User can submit to this category
}

// Get groups with permission
$groups = $permHelper->getGroupsForPermission('article_publish');

Group Configuration

Creating Custom Groups

For complex permission needs, create custom XOOPS groups:

  1. Authors Group - Can create and edit own articles
  2. Editors Group - Can edit and publish any article
  3. Moderators Group - Can moderate comments and content

| Group | Permissions |
|---|---|
| Anonymous | View articles, View comments |
| Registered | + Create articles, Post comments |
| Authors | + Edit own, Delete own |
| Editors | + Edit any, Publish |
| Moderators | + Moderate comments, View drafts |
| Admins | All permissions |

Category-Based Permissions

Permissions can be set per-category:

Category Access Control

// Check if user can view category
$canView = $permHelper->checkPermission('category_view', $categoryId);

// Check if user can submit to category
$canSubmit = $permHelper->checkPermission('category_submit', $categoryId);

Setting Category Permissions

  1. Go to Admin → Categories
  2. Click Permissions next to category
  3. Set View/Submit permissions per group
  4. Save changes

Item-Level Permissions

For individual article permissions:

Owner-Based

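// Check if user owns the article (anonymous visitors have no user object and are never owners)
$isOwner = is_object($currentUser)
    && (int)$article->getAuthorId() === (int)$currentUser->uid();

// Owners may edit their own articles only while their group holds article_edit_own
if ($isOwner && $permHelper->checkPermission('article_edit_own')) {
    // Allow edit
}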

Custom Item Permissions

// Set custom permission for specific article
$permHelper->setItemPermission(
    permission: 'article_view',
    itemId: $article->getId(),
    groupIds: [XOOPS_GROUP_USERS, XOOPS_GROUP_ADMIN]
);

API Permissions

API Authentication

// API endpoint permission check
#[Route('/api/articles', methods: ['POST'])]
#[RequirePermission('article_create')]
public function createArticle(Request $request): Response
{
    // Only accessible with article_create permission
}

API Scopes

| Scope | Permissions Granted |
|---|---|
| read | View articles, comments |
| write | Create, edit own |
| admin | Full access |

Permission Inheritance

flowchart TB
    A[Module Admin] -->|inherits| B[All Content Permissions]
    C[article_edit_any] -->|inherits| D[article_edit_own]
    E[article_delete_any] -->|inherits| F[article_delete_own]
    G[comment_moderate] -->|inherits| H[comment_edit_own]

Checking Permissions in Templates

Smarty Templates

<{if $xoops_isadmin}>
    <a href="admin.php">Admin Panel</a>
<{/if}>

<{if $can_edit}>
    <a href="edit.php?id=<{$article.id}>">Edit</a>
<{/if}>

<{if $can_delete}>
    <a href="delete.php?id=<{$article.id}>">Delete</a>
<{/if}>

Controller Setup

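// Pass permissions to template ($isOwner comes from the Owner-Based check).
// These flags only hide links; edit.php and delete.php must repeat the same check.
$canEditOwn = $isOwner && $permHelper->checkPermission('article_edit_own');
$canDeleteOwn = $isOwner && $permHelper->checkPermission('article_delete_own');
$xoopsTpl->assign('can_edit', $canEditOwn || $permHelper->checkPermission('article_edit_any'));
$xoopsTpl->assign('can_delete', $canDeleteOwn || $permHelper->checkPermission('article_delete_any'));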
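
The edit and delete decision behind these flags combines the Owner-Based check with the Permission Inheritance chart. The following is an added example, not code from the Gold Standard Module: it is plain PHP with no XOOPS dependency, the names `GS_IMPLIES`, `gsExpand` and `gsCanActOnArticle` are hypothetical, and `$granted` is assumed to be the list of permission names the current user's groups hold.

```php
<?php
declare(strict_types=1);

// Edges from the Permission Inheritance chart: holder => permissions it implies.
// Assumption: the chart's "Module Admin" node corresponds to the module_admin permission.
const GS_IMPLIES = [
    'module_admin'       => ['article_view', 'article_view_draft', 'article_create',
                             'article_edit_any', 'article_delete_any', 'article_publish'],
    'article_edit_any'   => ['article_edit_own'],
    'article_delete_any' => ['article_delete_own'],
    'comment_moderate'   => ['comment_edit_own'],
];

/** Expand directly granted permission names with everything they imply, transitively. */
function gsExpand(array $granted): array
{
    $all = array_fill_keys($granted, true);
    $queue = $granted;
    while ($queue !== []) {
        foreach (GS_IMPLIES[array_pop($queue)] ?? [] as $implied) {
            if (!isset($all[$implied])) {
                $all[$implied] = true;
                $queue[] = $implied;
            }
        }
    }
    return array_keys($all);
}

/**
 * May $userId perform $action ('edit' or 'delete') on an article written by $authorId?
 * *_any covers every article; *_own covers only the author's own articles.
 * Anonymous callers ($userId === null) are never owners; unknown actions are denied.
 */
function gsCanActOnArticle(array $granted, string $action, int $authorId, ?int $userId): bool
{
    if (!in_array($action, ['edit', 'delete'], true)) {
        return false;
    }
    $perms = gsExpand($granted);
    $isOwner = $userId !== null && $userId > 0 && $userId === $authorId;
    return in_array("article_{$action}_any", $perms, true)
        || ($isOwner && in_array("article_{$action}_own", $perms, true));
}

// Constructed cases: the article belongs to user 7.
var_dump(gsCanActOnArticle(['article_edit_own'], 'edit', 7, 7));        // author, own article
var_dump(gsCanActOnArticle(['article_edit_own'], 'edit', 7, 9));        // a different author
var_dump(gsCanActOnArticle(['article_edit_any'], 'delete', 7, 9));      // editor without delete rights
var_dump(gsCanActOnArticle(['module_admin'], 'delete', 7, 9));          // module admin via inheritance
```

Calling one decision function from both the controller that sets `can_edit` / `can_delete` and the top of `edit.php` / `delete.php` keeps the displayed links and the enforced check from drifting apart.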

Troubleshooting

Common Issues

| Issue | Solution |
|---|---|
| User can't access module | Check module_access permission |
| User can't create content | Check article_create permission |
| User can't see category | Check category-level view permission |
| API returns 403 | Check API scope and authentication |

Debug Permissions

// Log permission checks
$permHelper->setDebug(true);

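// Check what groups user belongs to (anonymous visitors have no user object)
$userGroups = is_object($GLOBALS['xoopsUser'])
    ? $GLOBALS['xoopsUser']->getGroups()
    : [XOOPS_GROUP_ANONYMOUS];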

// Check all permissions for current user
$allPerms = $permHelper->getAllPermissionsForUser($userId);


#goldstandard #permissions #security #access-control