TIP_Privilege

Introduction

The privilege manager

Source file
/Type/module/content/privilege.php
Extends
TIP_Content

TIP uses different security levels, defined in a top-down fashion: every level allows the actions of the lower levels.

Here's the privilege list, ordered from the highest to the lowest level:

* admin: can perform actionDelete() on everything

* trusted: can perform actionEdit() and actionDelete() on his owned content

* untrusted: can perform actionAdd()

* none: can perform actionView() and actionBrowse()

For addictive actions, such as actionLogin() and actionLogout() in TIP_User, you can directy check the source of the module.

The privileges are stored in a "Module-User" way, so for every pair of module-user there will be a specific privilege level. If a requested module-user pair is not stored in the privilege database, the default privilege level will be used.

The default privileges SHOULD be specified in the config file for every module in the 'default_privilege' and 'anonymous_privilege' options. If not specified, the privilege defaults to the one of the application module.

Properties

Methods

__construct ($options)

Constructor

$options
array
Properties values
lines
65 - 68
access
protected

Initializes a TIP_Privilege instance.

postConstructor ()

Custom post construction method

lines
76 - 80
access
protected

Overrides the default post-constructor method to avoid the TIP::getPrivilege() call and the consequential mutual recursion.

getPrivilege ($module, [$user])

$module
$user
[ = null ]
lines
85 - 99
access
public

tagIsManager ($params) : string|null

Check if the current user is manager

$params
string
Parameters of the tag
lines
115 - 118
access
protected

Expands to 'true' if the current logged-in user is manager in the module specified with $params, 'false' otherwise.

tagIsAdmin ($params) : string|null

Check if the current user is administrator

$params
string
Parameters of the tag
lines
126 - 129
access
protected

Expands to 'true' if the current logged-in user is administrator in the module specified with $params, 'false' otherwise.

tagIsTrusted ($params) : string|null

Check if the current user is a trusted user ' Expands to 'true' if the current logged-in user is trusted in the module specified with $params, 'false' otherwise.

$params
string
Parameters of the tag
lines
137 - 140
access
protected

tagIsUntrusted ($params) : string|null

Check if the current user is an untrusted user

$params
string
Parameters of the tag
lines
148 - 151
access
protected

Expands to 'true' if the current logged-in user is untrusted in the module specified with $params, 'false' otherwise.

tagPrivilegeDescription ($params) : string|null

Get the privilege description

$params
string
Parameters of the tag
lines
160 - 176
access
protected

Expands to the specified privilege description, in the current locale. In $params you must specify the privilege as 'module_id,privilege', where privilege must be manager|admin|trusted|untrusted|none.

tagPrivilegeId ($params) : string|null

Get the privilege id from a privilege level

$params
string
Parameters of the tag
lines
184 - 191
access
protected

Given a privilege level (1..5), returns the privilege id, that is a string containing manager|admin|trusted|untrusted|none.

tagPrivilegeLevel ($params) : string|null

Get the privilege level from a privilege id

$params
string
Parameters of the tag
lines
198 - 206
access
protected

The reverse operation of tagPrivilegeId().

actionChange ($user, $module, $privilege) : bool

Perform a change action

$user
int
The user to modify
$module
string
A module name
$privilege
string
The new privilege level
lines
223 - 275
access
protected

Changes the privilege level for the given user on the specified module.

runManagerAction ($action)

$action
lines
277 - 299
access
protected

runAdminAction ($action)

$action
lines
301 - 304
access
protected

runTrustedAction ($action)

$action
lines
306 - 309
access
protected

runUntrustedAction ($action)

$action
lines
311 - 329
access
protected

runAction ($action)

$action
lines
331 - 334
access
protected
TIP_Privilege was last modified by TiP on Mon 25 May 2009 06:22:25 PM CEST
Hosted by BerliOS Developer Logo