3 replies to this topic

[Michal Gancarski]

Hi!

As I delve deeper and deeper into PW, I am wondering about deleting/adding permissions. It is possible but... does it do anything? What will happen if I delete, say, the 'page-edit' permission? It is not possible to edit pages anymore? Can I add it back, using the same name for it to work again?

Thanks!

[slkwrm]

Hi, Michal.

I'm not sure you need to delete "core" permissions for they provide Processwire's essential functionality and, btw, you can't delete them from back-end.

For example, you add a permission, grant it to one of your roles and then write code to check against this permission in your template:

if ($user->hasPermission("touch-this")) {

   echo "The world is yours!";

} else {

   echo "Can't touch this!";

}

So $user->hasPermission() will return true if a user has a role to which this permission is granted, otherwise it will return false. The only exception are users with superuser role as it has all permissions granted by default. For this users $user->hasPermission() will always return true even if superuser role doesn't have a permission granted (checked in back-end).
Deleting a permission is like taking it away from a role and respectively from all users with this role. So after you deleted a permission, $user->hasPermission() will return false when checking against this deleted permission for all users except ones with a superuser role.

This is based on my limited experience, I'm sure there's more to say on this topic.

Edit: corrected "front-end" to "back-end".

[Michal Gancarski]

This has opened my eyes for the possibilities using custom permissions gives. Now everything is clear. Thanks!

[Pete]

Nice example slkwrm - I hadn't thought about permissions much before beyond the basics but there are a few projects in my head where I will need to build a front-end admin system ad this will prove invaluable along with various roles so thanks for that!