Recent Topics
  1. b2evolution CMS Support Forums
  2. b2evolution Support
  3. Plugins & Extensions
  4. Using Groups to Allow Permissions to Features

Using Groups to Allow Permissions to Features

1 Jan 27, 2005 23:31    

I was blocking access to several features in the backoffice by checking the current users ID number against an if statement. This was a pain because everytime a new moderator was added to the site, I'd have to add their ID to the code. To simplify this (and make the code easier to understand) I created this simple function which I added to /blogs/conf/hacks.php

function hck_check_group( $GroupName, $UserID='' )
{
	global $DB;

	if( !is_logged_in() )
	{
		return false;
	}

	if( $UserID == NULL )
	{
		$UserID = get_user_info('ID');
	}

	$UsrGrpID = $DB->get_var( "SELECT user_grp_ID FROM evo_users where ID=$UserID" );
	$GrpID = $DB->get_var( "SELECT grp_ID FROM evo_groups where grp_name='$GroupName'" );

	if ( $UsrGrpID == $GrpID )
	{
		return true;
	}
	else
	{
		return false;
	}

}

So let's say you only want certain users to be able to see the Edit tab in the backoffice. First you'd need to create a group, which we'll call Moderators for this example. Then you need to open /blogs/admin/_menutop.php and find the following:

	<ul class="tabs">
	<?php
		if( $admin_tab == 'new' )
			echo '<li class="current">';
		else
			echo '<li>';
		echo '<a href="b2edit.php?blog=', $blog, '" style="font-weight: bold;">', T_('Write'), '</a></li>';

		if( $admin_tab == 'edit'  )
			echo '<li class="current">';
		else
			echo '<li>';
		echo '<a href="b2browse.php?blog=', $blog, '" style="font-weight: bold;">', T_('Edit'), '</a></li>';

And amend it like so:

		if ( hck_check_group('Moderators') )
	{
		if( $admin_tab == 'edit'  )
			echo '<li class="current">';
		else
			echo '<li>';
		echo '<a href="b2browse.php?blog=', $blog, '" style="font-weight: bold;">', T_('Edit'), '</a></li>';
	}

Now if you're going to check group membership a lot then it might be best to check for all your groups once at the top of the page like so:

		$is_admin = hck_check_group('Administrators');
		$is_mod = hck_check_group('Mods');
		$is_supermod = hck_check_group('SuperMods');

And then check your If statements like so:

if ( $is_admin )
{
      echo 'hello admin';
}

As always I'm sure there are better ways of doing these things and if there is I'd love to hear about it.

Back to top

2 Feb 03, 2005 21:03

Could this be used to only allow users access to certain categories of post? I need to do this for a blog I'm setting up... I'm trying to decide whether to figure out some way of using apache to do it or to use b2evo - would prefer to use the blog!

Back to top

3 Feb 03, 2005 21:22

It depends what you mean by access. If you mean editing then that's quite easy - but if you mean being able to view posts then that's difficult and is better done by setting up another blog.

Back to top


Form is loading...