Documentation

Light-weight, fast, simple and powerful!
 
Translations of this page?:

Introduction

This text describes the way roles and permissions work starting Wolf CMS version 0.7.x. While this document is mainly geared towards plugin developers, administrators may also find it of interest.

Overview

The way its set up will allow for custom roles that can be adapted in whatever way administrators want. Currently, Wolf CMS does not provide a graphical interface to manage creation/modification of Roles or Permissions. (v0.7.3)

Roles

Wolf CMS (0.7.3) comes with three Roles in its default state. These are:

  • Administrator
  • Developer
  • Editor

The “Administrator” role is allowed to do everything in a default installation, unless it is changed. The one exception is the user with id 1 (one) in the database. That user is considered a “fail-safe” / root user that will always be allowed to do everything, independent of what Roles that user has.

Permissions

In a default installation of Wolf CMS 0.7.3, the following Permissions exist:

Permission Mapped to Roles Permission represents
admin_view administrator, developer, editor Allowed to access the admin backend.
admin_edit administrator Allowed to change admin settings.
user_view administrator Allowed to view users.
user_add administrator Allowed to add users.
user_edit administrator Allowed to edit users.
user_delete administrator Allowed to delete users.
layout_view administrator, developer Allowed to view layouts.
layout_add administrator, developer Allowed to add layouts.
layout_edit administrator, developer Allowed to edit layouts.
layout_delete administrator, developer Allowed to delete layouts.
snippet_view administrator, developer Allowed to view snippets.
snippet_add administrator, developer Allowed to add snippets.
snippet_edit administrator, developer Allowed to edit snippets.
snippet_delete administrator, developer Allowed to delete snippets.
page_view administrator, developer, editor Allowed to view a page.
page_add administrator, developer, editor Allowed to add a page.
page_edit administrator, developer, editor Allowed to edit a page.
page_delete administrator, developer, editor Allowed to delete a page.
file_manager_view administrator, developer, editor Allowed to use file manager.
file_manager_upload administrator, developer, editor Allowed to upload files.
file_manager_mkdir administrator, developer, editor Allowed to create directories.
file_manager_mkfile administrator, developer, editor Allowed to create files.
file_manager_rename administrator, developer, editor Allowed to rename files.
file_manager_chmod administrator, developer, editor Allowed to change permissions.
file_manager_delete administrator, developer, editor Allowed to delete files or directories.

Using permissions in plugins

Plugin developers are able to create custom permissions for their plugin by simply creating an entry in the database for their permission. It is of course preferred that you re-use existing permissions whenever possible.

When you create a new permission, you can add it to one or more of the existing Roles which will automatically grant the permission to any user that has that Role. Of course, you can also create custom roles if desired. Again, please use your judgment but re-use existing Roles whenever possible.

Please be aware that currently (Wolf CMS 0.7.3) you will need to create the Roles and Permissions directly using the relevant models. Future versions of Wolf CMS will likely have dedicated methods to allow this.

Creating a Permission

As of Wolf CMS 0.7.3.

$perm = new Permission();
$perm->name = 'my_permission';
$perm->save();

Creating a Role

As of Wolf CMS 0.7.3.

$role = new Role();
$role->name = 'my_role';
$role->save();

Adding a Permission to a Role

As of Wolf CMS 0.7.3. Will likely be changed / improved in future releases.

$perms = array();
$new_perm = new Permission();
$new_perm->name = 'new_permission';
$new_perm->save();
 
$role = Role::findByName('some_role');
$perms[] = Permission::findByName('admin_view');
$perms[] = $new_perm;
 
RolePermission::savePermissionsFor($role->id, $perms);

Admin UI plugin tabs

In pre-0.7.x Wolf CMS releases it was possible to tell Wolf CMS which roles you wanted to display a tab for in the UI, if any. An example where only users with the “administrator” or “developer” roles would see the tab would have been:

Plugin::addController('hello_world', 'Hello World', 'administrator, developer');

In Wolf CMS 0.7.x this has been changed to make use of Permissions instead of the old roles. You can go two different routes: allow anyone that can access the backend to see the tab or create a specific permission for it. Here's what you'd do:

// Create a new permission when we don't want to reuse an existing Permission
$perm = new Permission();
$perm->name = 'hello_world_view';
$perm->save();
 
// Add a controller for the plugin that (only) re-uses the admin_view permission
Plugin::addController('hello_world', 'Hello World', 'admin_view');
 
// Add a controller for the plugin that re-uses the admin_view permission and also uses the custom one
Plugin::addController('hello_world', 'Hello World', 'admin_view, hello_world_view');
 
plugins/roles_and_permissions.txt · Last modified: 2011-09-12 00:46 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license:GNU Free Documentation License 1.2
Copyright 2010 wolfcms.org / design by yello studio / Wolf CMS Inside