Permission Helper
XOOPS has a powerful and flexible permission system based on user group membership. The XMF Permission Helper simplifies working with these permissions, reducing complex permission checks to single method calls.
Overview
Section titled “Overview”The XOOPS permission system associates groups with:
- Module ID
- Permission name
- Item ID
Checking permissions traditionally requires finding user groups, looking up module IDs, and querying the permission tables. The XMF Permission Helper handles all of this automatically.
Getting Started
Section titled “Getting Started”Creating a Permission Helper
Section titled “Creating a Permission Helper”// For the current module$permHelper = new \Xmf\Module\Helper\Permission();
// For a specific module$permHelper = new \Xmf\Module\Helper\Permission('mymodule');The helper automatically uses the current user’s groups and the specified module’s ID.
Checking Permissions
Section titled “Checking Permissions”Does the User Have Permission?
Section titled “Does the User Have Permission?”Check if the current user has a specific permission for an item:
$permHelper = new \Xmf\Module\Helper\Permission();
// Check if user can view topic ID 42$canView = $permHelper->checkPermission('viewtopic', 42);
if ($canView) { // Display the topic} else { // Show access denied message}Check with Redirect
Section titled “Check with Redirect”Automatically redirect users who lack permission:
$permHelper = new \Xmf\Module\Helper\Permission();$topicId = 42;
// Redirects to index.php after 3 seconds if no permission$permHelper->checkPermissionRedirect( 'viewtopic', $topicId, 'index.php', 3, 'You are not allowed to view that topic');
// Code here only runs if user has permissiondisplayTopic($topicId);Admin Override
Section titled “Admin Override”By default, admin users always have permission. To check even for admins:
// Normal check - admins always have permission$hasPermission = $permHelper->checkPermission('viewtopic', $id);
// Check even for admins (third parameter = false)$hasPermission = $permHelper->checkPermission('viewtopic', $id, false);Get Permitted Item IDs
Section titled “Get Permitted Item IDs”Retrieve all item IDs that specific groups have permission for:
// Get items the current user's groups can view$viewableIds = $permHelper->getItemIds('viewtopic', $GLOBALS['xoopsUser']->getGroups());
// Get items a specific group can view$viewableIds = $permHelper->getItemIds('viewtopic', [XOOPS_GROUP_USERS]);
// Use in queries$criteria = new Criteria('topic_id', '(' . implode(',', $viewableIds) . ')', 'IN');Managing Permissions
Section titled “Managing Permissions”Get Groups for an Item
Section titled “Get Groups for an Item”Find which groups have a specific permission:
$permHelper = new \Xmf\Module\Helper\Permission();
// Get groups that can view topic 42$groups = $permHelper->getGroupsForItem('viewtopic', 42);// Returns: [1, 2, 5] (array of group IDs)Save Permissions
Section titled “Save Permissions”Grant permission to specific groups:
$permHelper = new \Xmf\Module\Helper\Permission();
// Allow groups 1, 2, and 3 to view topic 42$groups = [1, 2, 3];$permHelper->savePermissionForItem('viewtopic', 42, $groups);Delete Permissions
Section titled “Delete Permissions”Remove all permissions for an item (typically when deleting the item):
$permHelper = new \Xmf\Module\Helper\Permission();$topicId = 42;
// Delete view permission for this topic$permHelper->deletePermissionForItem('viewtopic', $topicId);For multiple permission types:
// Delete multiple permission types at once$permissionNames = ['viewtopic', 'posttopic', 'edittopic'];$permHelper->deletePermissionForItem($permissionNames, $topicId);Form Integration
Section titled “Form Integration”Adding Permission Selection to Forms
Section titled “Adding Permission Selection to Forms”The helper can create a form element for selecting groups:
$permHelper = new \Xmf\Module\Helper\Permission();
// Build your form$form = new XoopsThemeForm('Edit Topic', 'topicform', 'save.php');
// Add title field, etc.$form->addElement(new XoopsFormText('Title', 'title', 50, 255, $topic->getVar('title')));
// Add permission selector$form->addElement( $permHelper->getGroupSelectFormForItem( 'viewtopic', // Permission name $topicId, // Item ID 'Groups with View Topic Permission' // Caption ));
$form->addElement(new XoopsFormButton('', 'submit', 'Save', 'submit'));Form Element Options
Section titled “Form Element Options”The full method signature:
getGroupSelectFormForItem( $gperm_name, // Permission name $gperm_itemid, // Item ID $caption, // Form element caption $name, // Element name (auto-generated if empty) $include_anon, // Include anonymous group (default: false) $size, // Number of visible rows (default: 5) $multiple // Allow multiple selection (default: true))Processing Form Submission
Section titled “Processing Form Submission”use Xmf\Request;
$permHelper = new \Xmf\Module\Helper\Permission();$topicId = Request::getInt('topic_id', 0);
// Get the auto-generated field name$fieldName = $permHelper->defaultFieldName('viewtopic', $topicId);
// Get selected groups from form$selectedGroups = Request::getArray($fieldName, [], 'POST');
// Save the permissions$permHelper->savePermissionForItem('viewtopic', $topicId, $selectedGroups);Default Field Name
Section titled “Default Field Name”The helper generates consistent field names:
$fieldName = $permHelper->defaultFieldName('viewtopic', 42);// Returns something like: 'mymodule_viewtopic_42'Complete Example: Permission-Protected Items
Section titled “Complete Example: Permission-Protected Items”Creating an Item with Permissions
Section titled “Creating an Item with Permissions”<?phpuse Xmf\Request;use Xmf\Module\Helper;use Xmf\Module\Helper\Permission;
require_once dirname(dirname(__DIR__)) . '/mainfile.php';require_once XOOPS_ROOT_PATH . '/header.php';
$helper = Helper::getHelper('mymodule');$permHelper = new Permission('mymodule');
$op = Request::getCmd('op', 'form');$itemId = Request::getInt('id', 0);
switch ($op) { case 'save': // Save item data $handler = $helper->getHandler('items');
if ($itemId > 0) { $item = $handler->get($itemId); } else { $item = $handler->create(); }
$item->setVar('title', Request::getString('title', '')); $item->setVar('content', Request::getText('content', ''));
if ($handler->insert($item)) { $newId = $item->getVar('item_id');
// Save view permission $viewFieldName = $permHelper->defaultFieldName('view', $newId); $viewGroups = Request::getArray($viewFieldName, [], 'POST'); $permHelper->savePermissionForItem('view', $newId, $viewGroups);
// Save edit permission $editFieldName = $permHelper->defaultFieldName('edit', $newId); $editGroups = Request::getArray($editFieldName, [], 'POST'); $permHelper->savePermissionForItem('edit', $newId, $editGroups);
redirect_header('index.php', 2, 'Item saved'); } break;
case 'form': default: $handler = $helper->getHandler('items');
if ($itemId > 0) { $item = $handler->get($itemId); } else { $item = $handler->create(); $itemId = 0; }
$form = new XoopsThemeForm('Edit Item', 'itemform', 'edit.php'); $form->addElement(new XoopsFormHidden('op', 'save')); $form->addElement(new XoopsFormHidden('id', $itemId));
$form->addElement(new XoopsFormText('Title', 'title', 50, 255, $item->getVar('title'))); $form->addElement(new XoopsFormTextArea('Content', 'content', $item->getVar('content')));
// View permission selector $form->addElement( $permHelper->getGroupSelectFormForItem('view', $itemId, 'Groups that can view') );
// Edit permission selector $form->addElement( $permHelper->getGroupSelectFormForItem('edit', $itemId, 'Groups that can edit') );
$form->addElement(new XoopsFormButton('', 'submit', 'Save', 'submit'));
$form->display(); break;}
require_once XOOPS_ROOT_PATH . '/footer.php';Viewing with Permission Check
Section titled “Viewing with Permission Check”<?phpuse Xmf\Request;use Xmf\Module\Helper;use Xmf\Module\Helper\Permission;
require_once dirname(dirname(__DIR__)) . '/mainfile.php';
$helper = Helper::getHelper('mymodule');$permHelper = new Permission('mymodule');
$itemId = Request::getInt('id', 0);
// Check view permission - redirects if denied$permHelper->checkPermissionRedirect( 'view', $itemId, 'index.php', 3, 'You do not have permission to view this item');
require_once XOOPS_ROOT_PATH . '/header.php';
// User has permission, display the item$handler = $helper->getHandler('items');$item = $handler->get($itemId);
$xoopsTpl->assign('item', $item->toArray());
// Show edit button only if user has edit permissionif ($permHelper->checkPermission('edit', $itemId)) { $xoopsTpl->assign('can_edit', true); $xoopsTpl->assign('edit_url', $helper->url('edit.php?id=' . $itemId));}
require_once XOOPS_ROOT_PATH . '/footer.php';Deleting with Permission Cleanup
Section titled “Deleting with Permission Cleanup”<?phpuse Xmf\Request;use Xmf\Module\Helper;use Xmf\Module\Helper\Permission;
$helper = Helper::getHelper('mymodule');$permHelper = new Permission('mymodule');
$itemId = Request::getInt('id', 0);
// Delete the item$handler = $helper->getHandler('items');$item = $handler->get($itemId);
if ($item && $handler->delete($item)) { // Clean up all permissions for this item $permissionNames = ['view', 'edit', 'delete']; $permHelper->deletePermissionForItem($permissionNames, $itemId);
redirect_header('index.php', 2, 'Item deleted');}API Reference
Section titled “API Reference”| Method | Description |
|---|---|
checkPermission($name, $itemId, $trueIfAdmin) | Check if user has permission |
checkPermissionRedirect($name, $itemId, $url, $time, $message, $trueIfAdmin) | Check and redirect if denied |
getItemIds($name, $groupIds) | Get item IDs groups can access |
getGroupsForItem($name, $itemId) | Get groups with permission |
savePermissionForItem($name, $itemId, $groups) | Save permissions |
deletePermissionForItem($name, $itemId) | Delete permissions |
getGroupSelectFormForItem(...) | Create form select element |
defaultFieldName($name, $itemId) | Get default form field name |
See Also
Section titled “See Also”- ../Basics/XMF-Module-Helper - Module helper documentation
- Module-Admin-Pages - Admin interface creation
- ../Basics/Getting-Started-with-XMF - XMF basics
#xmf #permissions #security #groups #forms