MaxDB PHP Generator online Help
Prev | Return to chapter overview | Next |
OnGetCustomPagePermissions
This event allows you to customize page-level permissions.
Signature:
function OnGetCustomPagePermissions($pageName, $userId, $userName, $connection, &$permissions)
Parameters:
$pageName |
The name of the page |
$userId |
The id of the current user |
$userName |
The name of the current user |
$connection |
An instance of EngConnection class |
$permissions |
Permissions to be applied to the page. An instance of the PermissionSet class. |
Example
This example shows how to implement a simple role-based permission model. Our goal is to ensure that only site admins and members of the Sales role can add, remove and edit records displayed on this page.
// do not apply these rules for site admins
if (!GetApplication()->HasAdminGrantForCurrentUser()) {
// retrieving all user roles
$sql =
"SELECT r.role_name " .
"FROM phpgen_user_roles ur " .
"INNER JOIN phpgen_roles r ON r.id = ur.role_id " .
"WHERE ur.user_id = %d";
$result = $connection->fetchAll(sprintf($sql, $userId));
// iterating through retrieved roles
if (!empty($result)) {
foreach ($result as $row) {
// is current user a member of the Sales role?
if ($row['role_name'] === 'Sales') {
// if yes, allow all actions.
// otherwise default permissions for this page will be applied
$permissions->setGrants(true, true, true, true);
break;
}
}
};
}
See also: OnGetCustomRecordPermissions.
Prev | Return to chapter overview | Next |