This is the documentation for concrete5 version 5.6 and earlier. View Current Documentation

Concrete 5 comes with a brilliant permission system, for both advanced sites and complex workflow and simple sites too. These two are catered for by toggling between two markedly different modes dubbed; simple and advanced permission mode. Developers can switch on (but not off, this is a one way journey!) advanced permissions for you using a simple configuration setting in site.php:

define('PERMISSIONS_MODEL', 'advanced');

If you're a programmer and diving deep into Concrete 5, you're going to want to control these programatically, say on the event handling framework after a user adds a page you might want to follow it up with a set of automated restrictions. The code below was our trial and error with comments of how to get there....

//Okay we need to set the permissions of this page so it's only seen
//by selected organisations. 
$p = Page::getByPath('/my-secrets');

//Set the page to manual permission mode
$p->setPermissionsToManualOverride();

//Set the child pages to inherit these permissions (rather than default)
$p->setPermissionsInheritanceToOverride();

//We're changing the view permission, there's a handle for all the others 
//if you are after, say, approve_versions just change the argument
$pk = PagePermissionKey::getByHandle("view_page");

//set the current page against the permission object we're scaffolding
$pk->setPermissionObject($p);

//Return the access object (the abstraction here is long winded, but
//you don't get anything this powerful for free!). Don't edit this without
//the line below, or you'll edit all pages!
$paGlobal = PermissionAccess::getByID($pk->getPermissionAccessID(), $pk);

//Duplicate the above access object so we can make our own bespoke permission
//modifications
$pa = $paGlobal->duplicate();

//Get your groups you wish to add to the view_page permission key
$addTheseGroups = array(
    Group::getByName("Clever Users"),
    Group::getByName("Beautiful Users")
);

//Assign your groups to our newly created permission access object
foreach ($addTheseGroups as $addMe)
{
    $pe = GroupPermissionAccessEntity::getOrCreate($addMe);
    $pa->addListItem($pe, false, 10);
}

//Get the groups you explicitly wish to remove from the permissions
$removeTheseGroups = array(
    Group::getByName("Lawyers"),
    Group::getByName("Politicians")
);

//And remove them from our newly created permissions access object
foreach ($removeTheseGroups as $removeMe)
{
    $pe = GroupPermissionAccessEntity::getOrCreate(Group::getByName($removeMe));
    $pa->removeListItem($pe);
}

//Save our newly created Permission Configuration
$pa->save(array('paID' => $pa->getPermissionAccessID()));

//Get the permission reference for our page
$pt = $pk->getPermissionAssignmentObject();

//And give it our new configuration
$pt->assignPermissionAccess($pa);

//and again, elevating the privileges for account holders of those organisations
$pae = GroupCombinationPermissionAccessEntity::getOrCreate(array_merge($groups, array(Group::getByName('Account Holders'))));

//And we're done!

We hope this saves you a few hours and at least one backup recovery of the permissions tables to get rolling your own advanced permissions out in your own sites!

Loading Conversation