User Has Permission

[Pete]

Hi folks

I'm currently doing some work on a very customised system based on PW (naturally).

Rather than do this to check a user has a role:

if ($user->hasRole('admin') || $user->hasRole('editor') || $user->hasRole('role3') || $user->hasRole('role4')) {

it's possible to do this:

if ($user->matches('roles=admin|editor|role3|role4')) {

Is there a similar way of doing this for permissions? I want to check in code if a user has one of several possible permissions before displaying something:

if ($user->matches('permissions=perm1|perm2|perm3|perm4')) {

^^^ this doesn't work and I'd have to resort to $user->hasPermission('role') multiple times if there isn't a solution Not the end of the world of course, but this is neater/easier to read in the code.

[BitPoet]

Permissions are much more involved both in the core code and in the database than roles. There are real (e.g. page-edit, always installed), runtime (e.g. page-create, not present in the database) and optional (also called "delegated", e.g. page-publish, used if installed, otherwise replaced with page-edit) permissions. The current implementation of hasPermission also uses the same code path both for global checks and contextual ($page, $template) lookups. Of course, that doesn't prevent implementation of a multi-permissions check per se. BUT. Since code and database are much more involved, running lots of individual permission checks can quickly become a performance killer. IMHO it is in often better to add your own permission (or role) than to run multiple consecutive permission checks in code. I know, that's not a solution, but I'm not aware of a built-in shortcut. Adding a User::hasOnePermission hook method that splits on the pipe symbol and calls $user->hasPermission for each term should be straight-forward though.

[Pete]

5 minutes ago, BitPoet said:

Adding a User::hasOnePermission hook method that splits on the pipe symbol and calls $user->hasPermission for each term should be straight-forward though.

Yeah, you're right, they are very different behind the scenes so this may be the best way forwards. It is only ever going to be 3-4 at most so it should be fine performance-wise. Since I'm allowing the administrator of this particular app to assign roles to users as well as override and give users certain custom permissions outside of their role I have to check permissions for some things instead of relying on roles.

Thanks.