Granular model permissions on edit / create / delete etc

pierlo · April 2012

Is it possible to specify granular permissions to users, ie 'a user can edit blocks, but cannot create new ones' ?

As far as I understood the 'permission' config field for modules allows for just one value :


permission : The name of the permission that users must be subscribed to to have access to the module.

from http://www.getfuelcms.com/user_guide/modules/simple

I think ideally this should be an array with various fields like


permission: array(
'create' => 'module/create',
'edit' => 'module/edit',
'delete' => 'module/delete',
'other' => 'module/ohter'
);

What do you think? Maybe in the next version?

admin · April 2012

If you look at the fuel/modules/fuel/config/fuel_moduels.php and look at the pages module config, you'll notice a similar array syntax. Instead of "/" though there are "_" and there is a no distinction between creating and editing but there is a permission for publish/unpublish.

pierlo · April 2012

ah so


'permission' => array('edit' => 'pages', 'publish' => 'pages_publish', 'delete' => 'pages_delete'),

this is possible??

PS still, the difference between edit / create is kinda crucial. Maybe something to keep in mind for the upcoming version!

admin · April 2012

That is currently possible to do if you create the corresponding permissions {module}_{permission_type}) in the permissions module.

We'll look into the create permission as well. It's a little tricky because of how related create and edit are (you redirect to edit after you create). Perhaps "create" allows you access to both the create and edit screen whereas edit just allows you to edit an existing page.

admin · April 2012

Hmm... actually, after looking at the module controller, I'm not sure if this is the case anymore.

Howdy, Stranger!

Categories

Granular model permissions on edit / create / delete etc

Comments