Zikula Community

• **unknown user**
  
  

  • Rank: Registered User
  • Registered: Mar 16, 2002
  • Last visit: Feb 14, 2006
  • Posts: 33

  Posted: Apr 18, 2005 - 02:18 PM

  I'm trying to make my module create a permission when it is initialised. Here is the code I'm using:
  
  

  Code

  // Build a permission that allows all members of the Users group to add
      // items. This means that, by default, logged in users can register
      // themselves as producers and begin uploading their music.
      // TODO: remove this permission when the module is deleted.
      $lhPermission = array( type      => 'group',
                             realm     => 0,
                             id        => 'Users',
                             component => 'Dubplate::',
                             instance  => '::',
                             level     => ACCESS_ADD );
  
      if( !pnModAvailable( 'Permissions' ) )
      {
          // TODO: error... permissions module not active
          die( 'Perms unavailable.' );
      }
  
      if( !pnModLoad( 'Permissions', 'adminapi' ) )
      {
          // TODO: error... couln't load admin API
          die( 'Perms admin api did not load.' );
      }
  
      if( !pnModAPIFunc( 'Permissions', 'adminapi', 'create', $lhPermission ) )
      {
          // TODO: error... couldn't add permission
          return false;
      }

  
  
  It dies silently, I think due to the argument values. I've been trying to use the argument values for pnSecAuthAction(), and the argument array is based on the function signature. Any ideas on what arg values I should use? I've had a look at the permissions module code but it's fairly opaque.

  • 
  •  
• Landseer
  
  

  • Rank: Team Member
  • Registered: Jan 02, 2003
  • Last visit: Oct 21, 2009
  • Posts: 800

  Posted: Apr 18, 2005 - 04:07 PM

  #1:
  

  Code

  if( !pnModAPILoad( 'Permissions', 'admin' ) )
  {
      // TODO: error... couln't load admin API
      die( 'Perms admin api did not load.' );
  }
  if( !pnModAPIFunc( 'Permissions', 'admin', 'create', $lhPermission ) )
  {
      // TODO: error... couldn't add permission
      return false;
  }

  
  
  #2: create() als needs an insseq (insert sequence) parameter, this is not mentioned in the header, but you can see this later in the function where the arguments are checked. Right now it stops with a _MODARGSERROR.
  
  Why do you want to create permissions this way? You should leave this up to the admin. Remember that the permission order is most important! You can lock yourself out of the system with a wrong set of permissions. And maybe the admin does not want to give the permission to the users group at all.
  
  

  Code

  if(!pnSecAuthAction(0, 'Dubplate::', '::', ACCESS_ADD)) {
      // error message
  }

  
  
  during runtime should be enough.
  
  --
  "He is not dangerous, he just wants to play...."

  • 
  •  
• **unknown user**
  
  

  • Rank: Registered User
  • Registered: Mar 16, 2002
  • Last visit: Feb 14, 2006
  • Posts: 33

  Posted: Apr 18, 2005 - 05:15 PM

  Quote

  create() als needs an insseq (insert sequence) parameter, this is not mentioned in the header, but you can see this later in the function where the arguments are checked. Right now it stops with a _MODARGSERROR.

  
  
  Well spotted... thanks. I'll have to investigate this whole sequence thingy.
  
  

  Quote

  Why do you want to create permissions this way? You should leave this up to the admin. Remember that the permission order is most important! You can lock yourself out of the system with a wrong set of permissions. And maybe the admin does not want to give the permission to the users group at all.

  
  
  The reason I want to create an add permission automatically is so that by default, logged in users can add a single item (corresponding to their UID) with the lowest barrier to entry (which is how the module currently works in its non-compliant form). It's not as permissive as it appears at first blush.
  
  I can see a situation where some admins would want to restrict add access to a particular group, but I think that those admins would be more capable of locking it down / RTFM than the average punter would be of loosening it up. I don't know if I'm being too cynical here : )
  
  But yah, more restrictive permissions by default is the purist approach, and the one I would prefer to take if I can do it in a user friendly manner. Also, I presently have no clue about permission sequencing and would rather not mess around with it if possible. My goals are to:
  
  - lock out anonymous users
  - let authorised users add a single module item corresponding to their UID
  - minimise module setup for the admin
  
  Thanks again for the help. Suggestions, technical or process related, are very welcome...

  • 
  •  
• HalbrookTech
  
  

  • Rank: Developer
  • Registered: Dec 31, 1969
  • Last visit: Jun 01, 2010
  • Posts: 6859

  Posted: Apr 18, 2005 - 07:02 PM

  The problem is you don't know where to put the permission in the table.
  
  --
  Home Page | Find on Facebook | Follow on Twitter
  

  • 
  •  
• Simon
  
  

  • Rank: Legend
  • Registered: Dec 11, 2002
  • Last visit: Oct 21, 2009
  • Posts: 11674

  Posted: Apr 18, 2005 - 07:06 PM

  Yes - to be guaranteed of sucess you'd need to place it right at the top of the table
  
  --
  itbegins.co.uk - Zikula Consulting
  
  birtwistle.me.uk - Personal Blog
  
  
  Please read the Support Guide

  • 
  •  
• **unknown user**
  
  

  • Rank: Registered User
  • Registered: Mar 16, 2002
  • Last visit: Feb 14, 2006
  • Posts: 33

  Posted: Apr 19, 2005 - 02:01 PM

  So, sounds like going down this path leads to a lot of tedious parsing and sorting for little return. I guess I'll just do it as Landseer suggested and make go heavy on the documentation.
  
  Thanks all.

  • 
  •  
•  
•  

Users on-line

• bronto,
• designerdogs

This list is based on users active over the last 60 minutes.