Getting Started with LiveUser Permissions

UPDATE (Aug 9th ’05): Thanks to feedback from Lukas Smith and Laurens Nienhaus I’ve made some updates which show better ways to get at some properties.


Having described in my ‘Configuring LiveUser’ entry how to configure and instantiate LiveUser it’s now time to talk about how we start connecting together our login system with more sophisticated permissions management.

This time around we’re going to be making use of the LiveUser_Admin module, which can be instantiated using the same configuration array as LiveUser, with:

$admin = LiveUser_Admin::factory($liveuser_config);

LiveUser keeps ‘authentication’ and ‘permissions’ distinct and in order to get started with permissions we must create entries for our users in the permissions system.

The LiveUser Admin API provides us with the method:

$admin->perm->addUser($user_to_add);

to add a user to the permissions system, where $user_to_add is an array with keys matching the fields of the liveusers_perm_users table. In particular we need ‘auth_container_name’ and ‘auth_user_id’. Unfortunately there is no method which will generate this array for the currently logged in user, but we can get at the instance variables directly to perform:

$user_to_add = array();
$user_to_add['auth_container_name'] = $live_user->getProperty('containerName');
$user_to_add['auth_user_id'] = $live_user->getProperty('auth_user_id');

$admin->perm->addUser($user_to_add);

Once we have a user we can start to create permissions and grant them those permissions, but before moving on to that I wanted to set up permission groups and add users to those groups (we can also grant permissions to groups and in general this is the facility I’m likely to use most).

To add a group we make use of the addGroup() method:

$admin->perm->addGroup($group_info);

Where $group_info is an array with the keys ‘group_define_name’ (string) and ‘is_active’ (boolean). I used it as:

$group = $admin->perm->addGroup(array(
'group_define_name' => 'admins',
'is_active' => 1));

Having set up the group we’ll want to add users to that group, which is achieved through the method:

$admin->perm->addUserToGroup($data);

Once again the parameter is an associative array with the keys ‘group_id’ and ‘perm_user_id’. The return value from addGroup will have given us the group ID, or we can retrieve it using the getGroups method:

$params = array(
'fields' => array('group_id'),
'filters' => array('group_define_name' => 'admin'));
$group_details = $admin->perm->getGroups($params);

which will return something like:

Array
(
[0] => Array
(
[group_id] => 2
)

)

Meaning we can add our user to the group using:

$group_info['group_id'] = $group_details[0]['group_id'];
$group_info['perm_user_id'] = $live_user->getProperty('permUserId');;
$admin->perm->addUserToGroup($group_info);

So there we have it, our ‘admins’ group is defined and our current user is a member of it. Next time I’ll cover how we use this to create, edit, grant, revoke and check rights.

Tags: , , ,

9 comments

  1. With the last release we had a minor BC break in the getProperty() method.

    So $live_user->getProperty(‘permUserId’) would not have to be:
    $live_user->getProperty(‘perm_user_id’)

  2. should I do $admin->setAdminPermContainer(); before ?
    I’m asking because I had $admin->perm = NULL until trying this…

    Thanks

  3. Leo: $admin->setAdminContainers();

    this will set the perm container and the auth container
    if you pass an authid it will search the auth containers for the first auth container that contains such an id
    if you pass an auth name it will load that container
    if you dont pass either it will just use the first container

  4. Can you give the sql table structure for the Permissions table. Your tutorial has been very helpful, thank you.

  5. David – not sure which table you mean by permissions? I have a rights table which looks like:

    right_id – int(11)
    area_id – int(11)
    right_define_name – char(32)
    has_implied – tinyint(1)

    James.

  6. Next time I’ll cover how we use this to create, edit, grant, revoke and check rights.

    Great work. It’s hard to find good doc on LiveUser. Waiting eagerly for the next promised installment of the tutorial. That would solve the puzzle.

  7. […] I was reminded by maxi_million in the comments on one of my previous LiveUser tutorial entries that I never completed the promised third entry in that series. After the initial procrastination wore off and I initially turned my mind to writing this piece, my main project using LiveUser ended up being converted (for various reasons) into a drupal site, so my further use of the library has been quite minimal. But I do have a little code sitting around, so will try and draw together a few notes on how I was using Liveuser. […]

  8. hey guys,

    it’s very difficult to find some information about liveuser if this does not scratch the surface (at least my opinion), so i will ask you, if you have some hint.

    i’m trying to merge some extra data to be handled via liveuser as i don’t want to extend, modify or wrap it. since now i found no offensive point, where i’m able to give it additional extra data that will have to be accessible during my app. i tried to extend the perm_storage container first but the fields i fetched are not returned nor cached at all – so i don’t know where to start… do i have to write some kind of container (which one?) or do i have to create a wrapper that catches requests that cannot be processed by the liveuser?

    thanks in advance, andi

  9. andi — I’m no longer using liveuser. You’d be best off asking on the pear-general email list which you can find over at http://pear.php.net