Permissions


Table of Contents
  1. About Permissions
  2. Creating Permissions
  3. About Automatic Permissions Logic
  4. About Automatic Role Permissions Logic

About Permissions

Permissions are usually applied by assigning them to roles and then assigning roles to users. However, permissions can be directly assigned to users as well.

Permissions are divided into two main semantic types: permissions and restrictions.

Creating Permissions

Probably the easiest way to create permissions is to use the Permission Generator tool, though you can type in the permission rule directly in the System Name and Title fields in the Permissions module.

To access the Permissions module, use the Sidebar navigation > Permission Settings > Permissions link.

Creating a permission will clear the cache afterwards.

Permission names should be generated following these patterns:

  • assign_role:[role name] (permits)
  • revoke_role:[role name] (permits)
  • retrieve_role:[role name] (permits)
  • modify_module:[table name] (permits)
  • retrieve_all_entries:[table name] (permits)
  • [action]_module:[target table name]_match:[users table column name]_to:[target table column name]..._[users table column name]_to:[target table column name] (restricts)
  • [action]_module:[target table name]_match:[users table column name]_in:[related table name]:[related column name]..._[column name]_in:[relation field]_field:[related module column name] (restricts)
  • cannot_edit_field:[table name]:[column name] (restricts)
  • [action]_entry:[table name] (permits)

Valid action names are:

  • create
  • retrieve
  • update
  • delete

As previously mentioned, permissions can permit or restrict something. They will act as restrictions if assigned to a role.

A permission that permits something works as a gate: if it exists, you must have it in order to perform that action. If it doesn't exist, the action doesn't require a permission and is globally available.

Example 1:

You have created a new module with a table name 'videos'. Since you haven't created any permissions for it, anyone can CRUD module entries. If you create a permission named 'modify_module_videos', that means that only users with this permission can now CRUD module entries.

Example 2:

For the previous example, you want to permit only specific users to create videos. You create a new permission 'create_entry_videos' and assign it to a user. Additionally, if you have a permission 'modify_module_videos' like in the previous example, then the user must have this permission too.

About Automatic Permissions Logic

CREATE:

Q: Can you modify the module?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: modify_module_[table name]

Q: Can you create module entries?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: create_entry_[table name]

RETRIEVE:

Q: Can you retrieve all entries?

A: Yes if the permission exists and you have it.

Permission: retrieve_all_entries_[table name]

Q: Can you retrieve a specific entry?

A: Yes if the permission doesn't exist, or you have it and the entry matches the criteria.

Permission: retrieve_module_[table name]_match_[column name]_to_[column name]..._[column name]_to_[column name]

UPDATE:

Q: Can you update desired fields?

A: Yes if the permission doesn't exist, or it exists but you don't have it, because this is a direct restriction.

Permission: cannot_edit_field_[table name]_[field name]

Q: Can you access the module?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: modify_module_[table name]

Q: Can you update module entries?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: update_entry_[table name]

Q: Can you update a specific entry?

A: Yes if the permission doesn't exist, or you have it and the entry matches the criteria.

Permission: update_module_[table name]_match_[column name]_to_[column name]..._[column name]_to_[column name]

DELETE:

Q: Can you access the module?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: modify_module_[table name]

Q: Can you delete module entries?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: delete_entry_[table name]

Q: Can you delete a specific entry?

A: Yes if the permission doesn't exist, or you have it and the entry matches the criteria.

Permission: delete_module_[table name]_match_[column name]_to_[column name]..._[column name]_to_[column name]

About Automatic Role Permissions Logic

The logic is applied through the Users Module Update method.

ASSIGN:

Q: Can you assign the role?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: assign_role_[role name]

REVOKE:

Q: Can you revoke the role?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: revoke_role_[role name]

RETRIEVE:

Q: Can you retrieve the role?

A: Yes if the permission doesn't exist, or it exists and you have it.

Permission: retrieve_role_[role name]
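
The rules from the two logic sections above, modeled as an added Python example (not the product's own code), with an audit helper that lists what stays open to every user because no permission has been created for it. The function names, the `defined`/`held` sets and the sample table, field and role names are assumptions; the per-entry `_match_` rules are left out.

```python
# Added example: models the rules documented on this page; not the product's own code.
# `defined` = permission names that exist in the system; `held` = names the user has.
ACTIONS = ("create", "update", "delete")
ROLE_OPS = ("assign", "revoke", "retrieve")

def gate(name, defined, held):
    """Permit-type rule: open when the permission is undefined, otherwise it must be held."""
    return name not in defined or name in held

def can_modify_entries(action, table, defined, held):
    """CREATE/UPDATE/DELETE: the module gate and the per-action entry gate must both pass."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    return (gate(f"modify_module_{table}", defined, held)
            and gate(f"{action}_entry_{table}", defined, held))

def can_retrieve_all(table, defined, held):
    """The one closed-by-default rule: the permission must exist and be held."""
    name = f"retrieve_all_entries_{table}"
    return name in defined and name in held

def can_edit_field(table, field, defined, held):
    """Direct restriction: editing is blocked only when the permission exists and is held."""
    name = f"cannot_edit_field_{table}_{field}"
    return not (name in defined and name in held)

def can_change_role(op, role, defined, held):
    """ASSIGN/REVOKE/RETRIEVE role: same open-when-undefined gate."""
    if op not in ROLE_OPS:
        raise ValueError(f"unknown role operation: {op}")
    return gate(f"{op}_role_{role}", defined, held)

def globally_open(tables, roles, defined):
    """Audit helper: operations a user holding no permissions at all can still perform."""
    nobody = set()
    found = [f"{a} {t}" for t in tables for a in ACTIONS
             if can_modify_entries(a, t, defined, nobody)]
    found += [f"{op} role {r}" for r in roles for op in ROLE_OPS
              if can_change_role(op, r, defined, nobody)]
    return found

# Constructed sample data (table, field and role names are illustrative).
DEFINED = {"modify_module_videos", "create_entry_videos",
           "cannot_edit_field_videos_owner_id", "assign_role_admin"}

if __name__ == "__main__":
    for item in globally_open(["videos", "comments"], ["admin"], DEFINED):
        print("open to every user:", item)
```

Running the audit after adding a module or role shows which operations still need a permission created before they are gated at all.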
