• Developer guides

Permissions

The $this->permissions object (read-only) contains the permissions set in module.json as keys, with a boolean (true/false) as value. The boolean indicates if a user is given a certain permission by the community manager.

Note: Usually, there’s no need to check the existence of a key using isset(), because all keys set in the module.json automatically exist in the permissions object.

Specifying permissions in module.json

module.json

{
    …

    "permissions": {
       "view_chat": {
           "title": "View chat",
           "description": "Allow the user to view the chatbox",
           "default": true
       },
       "facebook_share": {
           "title": "Send to Facebook",
           "description": "Let the user share the item on Facebook.",
           "default": false
       }
    }

    …
}

web/index.php

 <?php

if ($this->permissions->view_chat) {
    echo ('<a href="/chat">View Chat</a>')
} else {
    echo ('No chat access');
}

if ($this->permissions->facebook_share) {
    echo ('<button class="share">Send to Facebook</button>');
}

Separate permissions controller

It is also possible to create a separate permissions controller, so that you can generate dynamic permission object, for example for every type of activity in the courses module.

module.json

{
    …

    "controllers": {
       "permissions": "permissions.php"
    }

    …
}

hooks/permissions.php

<?php

$permissions = array();
$permissions['General'] = array(
   'create_course' => array(
      'title' => 'Users in this group can create new courses',
      'default' => false
   ),'owner_add_members' => array(
      'title' => 'The course owner, if he/she is in this group, can add course members',
      'default' => true
   ),
   'owner_remove_members' => array(
      'title' => 'The course owner, if he/she is in this group, can remove course members',
      'default' => true
   )
);

// Note the return statement here!
return $permissions;