Jump to content

Is the API void of permissions/roles?


a-ok
 Share

Recommended Posts

From what I understand, you could create/publish pages regardless of roles/permissions. However, if you were to wrap the page creation in an if statement like :

if($user->hasPermission('permission-name', $page)) {
  // user has this permission, for this $page
}

then that person with the permission could perform whatever action you created.
 

  • Like 2
Link to comment
Share on other sites

4 hours ago, a-ok said:

Is the API void of permissions/roles?

it depends!
 

// ADD PAGE
// adding a page via API can be triggered by the guest user even if he has not the permission to add children under a specific parent (12464)
if ($user->isGuest()) $pages->add('contribution', 12464); // works

// VIEW PAGE or FIELD VALUE
// if guest user has not the view permission it depends on outputformatting
if ($user->isGuest()) var_dump($pages->get(12985)->title); // "I am the Page Title"
if ($user->isGuest()) var_dump($pages->get(12985)->of(true)->title); // NULL

// MODULES
// Call of a Module via API. User has not the permission to use the module
if ($user->isGuest()) $modules->get('MyModule')->execute(); // Fatal error: Exception: You do not have permission to execute this module (if debug mode is on/ 500 otherwise)
if ($user->isGuest()) $modules->getModule('MyModule', array('noPermissionCheck' => true))->execute(); // works!

 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...