Permissions
Overview
AWF2 features a flexible and powerful permissions system. It is similar to POSIX ("UNIX filesystem") permissions, but additionally offers flags for member, editor and admin rights (read, write, delete). Publishers have no separate flag, since they are only supposed to publish content. A publisher is normally an editor and/or admin as well.
Every object inside AWF2 has permissions. Objects can be users, groups, documents, links, forums, modules and so on. You can change the permissions on the Permissions page of each edit window. If you specify permissions for object containers (e.g. on admin/user_management.php?page=user_permissions), they are inherited by newly created objects. It is also possible to have all objects inherit the permissions instantly by clicking the Inherit Permissions button. If you are on the Permissions page of a single object rather than a container, the button has no effect.
Technical Description
Permissions for all objects are stored in the database table [PREFIX]permissions:
CREATE TABLE awf2_permissions (
    id           int(11) unsigned      NOT NULL default '0',
    class_name   varchar(128)          NOT NULL default '',
    object_id    int(11) unsigned      default NULL,
    user_id      int(10) unsigned      NOT NULL default '1',
    group_id     int(10) unsigned      NOT NULL default '1',
    permissions  mediumint(8) unsigned NOT NULL default '256319',
    ssl_required tinyint(1)            NOT NULL default '0',
    created      int(10) unsigned      NOT NULL default '0',
    changed      int(10) unsigned      NOT NULL default '0',
    PRIMARY KEY (id),
    KEY class_name (class_name,object_id)
);
They are stored as a mediumint(8), which is 3 bytes (24 bits), of which 18 bits are currently used. The read/write/delete flags are stored in 3-bit blocks in the order User, Group, World, Member, Editor, Admin. The default value is:
111   110   100   100    111    111   = 256319
User  Group World Member Editor Admin
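The layout above can be unpacked and repacked with a few shifts and masks. The following is an added example, not AWF2's own code: the awf_example_* names are hypothetical, and the read/write/delete order inside each 3-bit block is an assumption that matches the default value (World = 100 = read only).

```php
<?php
// Added example, not part of AWF2. All names here are hypothetical.
// Block order (most significant first) comes from the page; the
// read/write/delete order inside a block is an assumption.
const AWF_EXAMPLE_ROLES = ['user', 'group', 'world', 'member', 'editor', 'admin'];
const AWF_EXAMPLE_FLAGS = ['read' => 4, 'write' => 2, 'delete' => 1];

function awf_example_decode(int $mask): array {
    // Only 18 of the 24 stored bits are defined; reject anything else.
    if ($mask < 0 || $mask > 0x3FFFF) {
        throw new InvalidArgumentException("mask uses undefined bits: $mask");
    }
    $out = [];
    foreach (AWF_EXAMPLE_ROLES as $i => $role) {
        // User occupies bits 17..15, Admin occupies bits 2..0.
        $block = ($mask >> (3 * (5 - $i))) & 0b111;
        foreach (AWF_EXAMPLE_FLAGS as $name => $bit) {
            $out[$role][$name] = ($block & $bit) !== 0;
        }
    }
    return $out;
}

function awf_example_encode(array $rights): int {
    $mask = 0;
    foreach (AWF_EXAMPLE_ROLES as $i => $role) {
        foreach (AWF_EXAMPLE_FLAGS as $name => $bit) {
            // Missing roles or flags are treated as "not granted".
            if (!empty($rights[$role][$name])) {
                $mask |= $bit << (3 * (5 - $i));
            }
        }
    }
    return $mask;
}

// Audit the default value from the table definition, one line per role.
$rights = awf_example_decode(256319);
foreach ($rights as $role => $f) {
    printf("%-7s %s%s%s\n", $role,
        $f['read'] ? 'r' : '-', $f['write'] ? 'w' : '-', $f['delete'] ? 'd' : '-');
}

// Tighten the default by removing World read, then re-encode for storage.
$rights['world']['read'] = false;
$locked = awf_example_encode($rights);
printf("without world read: %d (%018b)\n", $locked, $locked);
?>
```

Printing a stored value this way makes it easy to review which roles an object's permissions column actually grants before changing it.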
The AWF_ContentObject, AWF_DBContentObject and AWF_ContentContainer classes inherit from the abstract AWF_Content class, which means they all support permissions:
<?php
abstract class AWF_Content {
    public $id = NULL;
    public $cacheable = TRUE;
    public $permissions = NULL;

    abstract function inherit_permissions ();
}
?>
The permissions object is normally created in the load(), save() or delete() method of a content class, if it doesn't exist yet:
<?php
if(!isset($this->permissions) ||
   !is_object($this->permissions)) {
    $this->permissions = new AWF_ContentPermissions ($this);
}
?>
Now it's easy for each object to check if a user has sufficient rights:
<?php
if(!$this->permissions->is_readable()) {
    $this->id = NULL;
    return FALSE;
}
?>
Of course, you can use permission checking in Smarty templates too (example is from templates/forums/forum/en.html.tpl):
{if $forum->permissions->is_writable()}
    <a href="/forums/{$forum->template}/{$forum->short_name}/add.htm">Add Topic</a>
{/if}
Created: 08.01.2006 23:20 CET, Last Change: 25.01.2006 13:06 CET by admin






