Create permission to group roles?

[Robin S]

I have several roles that I want to identify as a group (they are all subject to certain access restrictions that I am applying with hooks).

To save having to identify all these roles by name (I have to do this in several places) I'm wondering about how I could target them all as a group. I had the idea of creating a new permission that will not actually do anything, but I give this permission to all of the roles that I want to group together and then I can target users with those roles with $user->hasPermission(). It would be a little odd though because this permission would in fact identify users that are more restricted.

Is this a good way to identify a group of roles? Are there alternative ways to group roles? Like some kind of roles hierarchy?

[Robin S]

I tried the idea of identifying groups of roles by custom permission and it seems to be working well. Only thing to watch out for is that superuser gets all permissions by default so wherever I check the user I do:

if(!$this->user->isSuperuser() && $this->user->hasPermission('limited-page-tree')) {
    //...
}

 

[adrian]

Any chance this is helpful: https://processwire.com/talk/topic/5658-alpha-release-usergroups-page-based-permissions/

[Robin S]

2 hours ago, adrian said:

Any chance this is helpful: https://processwire.com/talk/topic/5658-alpha-release-usergroups-page-based-permissions/

Thanks, for this project I'm pretty committed to my custom access module at this point, and it's working well.

I did install that module just now to have a look. It isn't compatible with PW3 out of the box (needs fixes here and here), it caused the Pages tab to disappear for non-superusers, and the absence of even a module readme makes it difficult to get to grips with. Not sure of the advantages over Page Edit Per Role. Apparently you can allow non-superusers to administer the user groups, although without documentation it wasn't clear to me how to allow that.

Interesting though.