Programmatically Setting Advanced Permissions Example

Permalink 6 users found helpful
since this isn't too well documented yet I'm just adding this as reference in case anyone else is looking for it.

$c = $this->getCollectionObj();
$pxml->guests['canRead'] = false;
$pxml->registered['canRead'] = false;
$pxml->group[0]['gID'] = ADMIN_GROUP_ID;
$pxml->group[0]['canRead'] = true;
$pxml->group[0]['canWrite'] = true;
$pxml->group[0]['canApproveVersions'] = true;
$pxml->group[0]['canDelete'] = true;
$pxml->group[0]['canAdmin'] = true;
$pxml->user[0]['canRead'] = true;
$pxml->user[0]['canWrite'] = false; 
$pxml->user[0]['canAdmin'] = false; 

View Replies:
pvs replied on at Permalink Reply
Hey Tony,

what is the easiest way to remove a page from the public eyes? like make it for guests unavailable?
I was using the following but sometimes I am getting an error...
foreach ($languages as $language)
            $p = Page::getByPath(strtolower('/'.$language.'/'.$default_path.'/'.$data["Type"].'/'.$data["UniqueNumber"]));
            $p->setAttribute('exclude_nav', (int) $excludeis);

my error is
Fatal error: Class 'CollectionAttributeKey' not found in /var/www/concrete/models/collection.php on line 183

Help :)..
Tony replied on at Permalink Reply
guess it would be something like:

$pxml->guests['canRead'] = false;
$pxml->registered['canRead'] = true;

as far as that error goes, just make sure you've got that class included:

pvs replied on at Permalink Reply
Thanks Tony, I will give it a shot.
hereNT replied on at Permalink Reply
Is there an example of doing something similar with simple permissions?
warpol replied on at Permalink Reply

Can you tell me where I can modify these permissions within the core?
Tony replied on at Permalink Reply
what are you trying to do? where you make these changes depends on that.

have you tried just turning on advanced permissions and seeing what the user interface provides?
12345j replied on at Permalink Reply
what he/she is trying to do is to disable users from moving pages they don't have permissions for.
Mnkras replied on at Permalink Reply
the permissions that you can access via advanced permissions are all the permissions, there are no others,
Tony replied on at Permalink Reply
if that's the case, I'm not sure if the sitemap allows for that kind of thing. It may just have the one permission setting for access to the sitemap, and all those who have access to that page have the ability to move pages around. If he/she is trying to modify the sitemap core code to prevent that kind of thing, then she wouldn't need any of the code shown above, just a check to see if that page was editable by that user.
Mnkras replied on at Permalink Reply
yea, as Tony said, i checked the core, there is nothing hidden permission wise, everything you can do in the code, you can do in the CMS,
12345j replied on at Permalink Reply
my bad, i thought there might be a permission setting canMove for pages, but it looks not. don't see how the check would help though, if you can't restrict it after checking.
andrewsturm replied on at Permalink Reply
Hi Tony,

I was wondering if you know of a way to set area permissions on a newly created page?

(version 5.5.2)
mkantor replied on at Permalink Reply
Nowadays (5.6) you can do things like the following:

// If the page isn't already set to override, $page->assignPermissions() will 
// do that for us and clear out all pre-existing permissions. In this case we 
// want to *add* to pre-existing permissions, so we have to do it ourselves.
$allPagePermissionKeys = PermissionKey::getList('page');
$allPagePermissionKeyHandles = array_map(function($permissionKey) {
   return $permissionKey->getPermissionKeyHandle();
}, $allPagePermissionKeys);
// Ninjas can do anything to the page.
$page->assignPermissions(Group::getByName('Ninjas'), $allPagePermissionKeyHandles);
// Proofreaders can only do some things.
$page->assignPermissions(Group::getByName('Proofreaders'), array(

Note that assignPermissions() isn't as flexible as setting up the permission keys/assignments from scratch. You can only assign permissions to single users, groups, or group combinations and not other access entities like group sets, page creator, etc; also, you can't set "details" for permission access objects like collection type restrictions for add_subpage or property restrictions for edit_page_properties. To control these you need to dig deeper and manipulate the PermissionAccess objects manually (at least as far as I've found—if someone knows a shortcut I'd very much like to hear about it since it can be a pain to do things at the lower level).
glockops replied on at Permalink Reply