Getting Started with LiveUser Permissions

UPDATE (Aug 9th ‘05): Thanks to feedback from Lukas Smith and Laurens Nienhaus I’ve made some updates which show better ways to get at some properties.

Having described in my ‘Configuring LiveUser’ entry how to configure and instantiate LiveUser it’s now time to talk about how we start connecting together our login system with more sophisticated permissions management.

This time around we’re going to be making use of the LiveUser_Admin module, which can be instantiated using the same configuration array as LiveUser, with:

$admin = LiveUser_Admin::factory($liveuser_config);

LiveUser keeps ‘authentication’ and ‘permissions’ distinct and in order to get started with permissions we must create entries for our users in the permissions system.

The LiveUser Admin API provides us with the method:

$admin->perm->addUser($user_to_add);

to add a user to the permissions system, where $user_to_add is an array with keys matching the fields of the liveusers_perm_users table. In particular we need ‘auth_container_name’ and ‘auth_user_id’. Unfortunately there is no method which will generate this array for the currently logged in user, but we can get at the instance variables directly to perform:

$user_to_add = array();
$user_to_add['auth_container_name'] = $live_user->getProperty('containerName');
$user_to_add['auth_user_id'] = $live_user->getProperty('auth_user_id');

$admin->perm->addUser($user_to_add);

Once we have a user we can start to create permissions and grant them those permissions, but before moving on to that I wanted to set up permission groups and add users to those groups (we can also grant permissions to groups and in general this is the facility I’m likely to use most).

To add a group we make use of the addGroup() method:

$admin->perm->addGroup($group_info);

Where $group_info is an array with the keys ‘group_define_name’ (string) and ‘is_active’ (boolean). I used it as:

$group = $admin->perm->addGroup(array(
'group_define_name' => 'admins',
'is_active' => 1));

Having set up the group we’ll want to add users to that group, which is achieved through the method:

$admin->perm->addUserToGroup($data);

Once again the parameter is an associative array with the keys ‘group_id’ and ‘perm_user_id’. The return value from addGroup will have given us the group ID, or we can retrieve it using the getGroups method:

$params = array(
'fields' => array('group_id'),
'filters' => array('group_define_name' => 'admin'));
$group_details = $admin->perm->getGroups($params);

which will return something like:

Array
(
[0] => Array
(
[group_id] => 2
)

)

Meaning we can add our user to the group using:

$group_info['group_id'] = $group_details[0]['group_id'];
$group_info['perm_user_id'] = $live_user->getProperty('permUserId');;
$admin->perm->addUserToGroup($group_info);

So there we have it, our ‘admins’ group is defined and our current user is a member of it. Next time I’ll cover how we use this to create, edit, grant, revoke and check rights.