I was reminded by maxi_million in the comments on one of my previous LiveUser tutorial entries that I never completed the promised third entry in that series. After the initial procrastination wore off and I initially turned my mind to writing this piece, my main project using LiveUser ended up being converted (for various reasons) into a drupal site, so my further use of the library has been quite minimal. But I do have a little code sitting around, so will try and draw together a few notes on how I was using Liveuser.
While many powerful authorization systems are purely role-based, something that can be achieved in LiveUser with the groups functionality covered in the previous entry on this subject, LiveUser also supports much more fine grained permissions. Each permission is its own entity, and permissions are grouped into areas. I created my areas directly in the database so won’t be covering that here. Once you have your area’s id in the variable $area_id and an instance of LiveUser_Admin in $admin you can call:
$right = $admin->perm->addRight(
array('area_id' => $area_id,
'right_define_name' => 'a name for your right'));
to create the right and capture its ID in $right.
You can then ‘grant’ that right to a user with:
$admin->perm->grantUserRight(
array('right_id' => $right,
'perm_user_id' => $perm_user_id));
Or grant it to a group with:
$admin->perm->grantGroupRight(
array('right_id' => $right,
'group_id' => $group_id));
Where I ran into problems was when I attempted to check those permissions. From the API documentation, it wasn’t clear how to check for a right given only its name, but after a little exploration I put together the following method (used within my wrapper class) that handles it. $this->user is an instance of LiveUser and $this->admin is an instance of LiveUser_Admin:
function checkRight($area_id, $right_desc) {
if (empty($this->admin)) {
$this->getAdminInstance();
}
$filter = array(
"fields" => array("right_id"),
"filters" => array(
"area_id" => $area_id,
"right_define_name" => $right_desc));
$rights = array_keys($this->admin->getRights($filter));
$right_id = $rights[0];
return $this->user->_perm->checkRight($right_id);
}
You’ll note that the final line makes use of the _perm property. In PEAR coding conventions a preceding underscore means a method or property is private and should not be accessed from outside the class, but this was the neatest approach I was able to find in the time. If anyone can tell me how to do this within the approved public API I’ll happily update this entry.
Update: Be sure to check out the comments, where Lukas has been adding some very useful information.