通过 
搜索
搜索pessek / hypecapabilities
角色和权限API
v1.2.1
2021-05-29 14:48 UTC
Requires
- php: >=7.1
- composer/installers: ~1.0
This package is auto-updated.
Last update: 2024-09-29 05:49:53 UTC
README
能力和角色API
注册角色
\hypeJunction->register('role_name');
将角色分配给用户
// Site wide role elgg()->roles->assign('role_name', $user); // Group specific role elgg()->roles->assign('role_name', $user, $group);
从用户中移除角色
// Site wide role elgg()->roles->unassign('role_name', $user); // Group specific role elgg()->roles->unassign('role_name', $user, $group);
配置角色权限
创建特定类型的实体
// Prevent users with given role from creating entities of a given type elgg()->roles->role_name->onCreate('object', 'blog', Role::DENY); // Allow users to create entities of a given type regardless of context elgg()->roles->role_name->onCreate('object', 'blog', Role::ALLOW, Role::OVERRIDE); // Allow users to create entities of a given type if all other container permissins are met elgg()->roles->role_name->onCreate('object', 'blog', Role::ALLOW, Role::STACK); // Allow users to create entities when specific conditions are met // Only allow group blogs elgg()->roles->role_name->onCreate('object', 'blog', Role::DENY, function(\hypeJunction\Capabilities\Context $context) { $container = $context->getTarget(); if (!$container instanceof ElggGroup) { return Role::DENY; } });
更新和删除权限
类似于上述,您可以使用 onUpdate 和 onDelete 方法;
授予管理权限
管理权限意味着对实体的高级管理操作,例如,在审核后批准某个帖子。默认情况下,核心不使用此权限级别,但您可以检查用户是否对实体具有管理权限,如下所示
$params = [ 'entity' => $entity, 'user' => $user, ]; if (!elgg_trigger_plugin_hook('permissions_check:administer', "$entity->type:$entity->subtype", $params, false)) { // No permissions to approve throw new EntityPermissionsException(); } // Do something that requires high level permissions, e.g. $entity->published_status = 'published';
授予/拒绝管理权限
// Prevent users with given role from creating entities of a given type // Allow moderator role to administer all blogs regardless of owner/container elgg()->roles->moderator->onAdminister('object', 'blog', Role::ALLOW, Role::OVERRIDE); // Allow users to create entities when specific conditions are met // Allow teacher to administer all group blogs elgg()->roles->teacher->canAdminister('object', 'blog', Role::ALLOW, function(\hypeJunction\Capabilities\Context $context) { $entity = $context->getTarget(); $actor = $context->getActor(); $container = $entity->getContainerEntity(); return $container->canEdit($actor->guid); });
路由
您可以通过路由名称允许/拒绝对特定路由的访问
// Context parameter contain matched route elements // e.g. prevent access to user profile if users are not friends elgg()->roles->user->onRouteAccess('view:user', Role::DENY, function(\hypeJunction\Capabilities\Context $context) { $actor = $context->getActor(); $username = $context->getParam('username'); $user = get_user_by_username($username); if (!$actor || !$user instanceof ElggUser || !$actor->isFriendOf($user->guid)) { register_error('You must be friends to access user profiles'); return Role::DENY; } }); // Here is an example of how to prevent access to member pages to non-logged in users: elgg()->roles->guest->onRouteAccess('collection:user:user', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:alpha', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:newest', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:online', Role::DENY); elgg()->roles->guest->onRouteAccess('collection:user:user:popular', Role::DENY); elgg()->roles->guest->onRouteAccess('search:user:user', Role::DENY); elgg()->roles->guest->onRouteAccess('view:user', Role::DENY);
自定义(组件)能力
您可以检查和修改自定义能力
// Check a custom role elgg()->roles->can('read', 'discussions'); // Define how role responds to capability check elgg()->roles->guest->on('read', 'discussions', Role::DENY); // Override role response elgg_register_plugin_hook_handler('capability', 'read:discussions', function(Hook $hook) { });