Is this safe to use as a permission setting?


GuruMeditation

Hi all, me again :lol:

Please don't ask why I want to do this rather than use the built-in permission routines, but I really have my nutty professor reasons.

If I add an option to a page called Allowed, and that option is a checkbox, would that be sufficient to be used as a permission for viewing a certain restricted part of a page? By this, I mean if I check for whether or not it's ticked? If it is ticked I allow them to see something, and if not I don't. Or am I missing something in regards to security?


If I understand correctly, it sounds fine. I am assuming you'll have a conditional in the template file for this page that will only render that portion of the page if the checkbox is checked?


Exactly. I just wanted to know that these will basically work the same.

if(theCheckboxForThisPortionIsChecked) {   // Not logical I know, but you know what I mean?
  echo "Show this";
}

if($user->hasPermission("forThisPortion")) {
  echo "Show this";
}

Or does hasPermission have some hidden security features that the former doesn't?


The only difference I can think of is that an admin editor with the rights to edit the page with the checkbox could change this setting on you, whereas permission/role-based restrictions require a higher-level permission to change, but presumably this shouldn't really be an issue.


Well I will be the only back-end admin on the site. All other editing will be via the front-end through pages and forms I've created. This is the reason I'm setting up an admin page with my own permissions (checkboxes), so that I can organise them better for myself.


Just a quick update, I've now got some code to show, to explain exactly what I mean.

I've set up some pages which will act as forum categories. These use a template called forum_cat. I have also set up a page field called forum_access which is attached to this template. The forum_access field has the parent admin/access/Roles so that I can select which roles are allowed to view that forum category.

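// Find every forum category page
$forumCategories = $pages->find("template=forum_cat");
foreach($forumCategories as $forumCategory) {
    // forum_access holds the roles allowed to view this category
    foreach($forumCategory->forum_access as $forumAccess) {
        if($user->roles->has($forumAccess)) {
            echo $forumCategory->title;
            break; // one matching role is enough
        }
    }
}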

So back to the original question, is this just as safe as using a standard permission? I want to do it this way so that each forum category acts as a setting page for that particular category.

Thanks again.
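
The role check from the post above, pulled into one function so that the category listing and a direct request for a category page apply the same rule, with a category that has no roles selected denied by default. This is an added example, not code from the thread: it uses plain arrays in place of ProcessWire pages and users, and the function names and sample data are constructed.

```php
<?php
// Added example: plain-PHP stand-in for the forum_access check in the thread.
// Arrays replace ProcessWire's page/user objects; names and data are constructed.

/** True only if the user holds at least one role listed in forum_access. */
function canViewCategory(array $userRoles, array $category): bool
{
    $allowed = $category['forum_access'] ?? [];
    // Deny by default: a category with no roles selected is visible to nobody,
    // rather than to everybody.
    if ($allowed === []) {
        return false;
    }
    return array_intersect($userRoles, $allowed) !== [];
}

/** Listing: titles of the categories this user may see. */
function visibleCategoryTitles(array $userRoles, array $categories): array
{
    $visible = array_filter($categories, fn($c) => canViewCategory($userRoles, $c));
    return array_values(array_column($visible, 'title'));
}

/** Direct request for one category: same check, so a known URL is not a bypass. */
function renderCategory(array $userRoles, array $categories, string $name): string
{
    $category = $categories[$name] ?? null;
    // Missing and forbidden get the same answer, so the response does not
    // reveal that a restricted category exists.
    if ($category === null || !canViewCategory($userRoles, $category)) {
        return '404 Not Found';
    }
    return htmlspecialchars($category['title'], ENT_QUOTES, 'UTF-8');
}

// Constructed sample data
$categories = [
    'general' => ['title' => 'General',    'forum_access' => ['member', 'moderator']],
    'staff'   => ['title' => 'Staff only', 'forum_access' => ['moderator']],
    'drafts'  => ['title' => 'Drafts',     'forum_access' => []],
];
$memberRoles = ['guest', 'member'];

print_r(visibleCategoryTitles($memberRoles, $categories)); // listing for a member
echo renderCategory($memberRoles, $categories, 'staff'), "\n";   // direct request
echo renderCategory($memberRoles, $categories, 'general'), "\n";
```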
