Create UnityPerms Class #88

Closed
@hakasapl

Description

The UnityPerms class will be defined in resources/lib/UnityPerms.php. It will be responsible for determining whether a user is authorized to perform an action on another.

The class should have a constructor that accepts the $USER and $SQL variables.

You will then create a method for each permission, which returns true if the user $uid has permission to perform the action on $operated_on in the group $group. For example, the following is the sequence of checks for the unity.approve_user permission:

  • checkApproveUser($uid, $operated_on, $group)
    • Return false if $uid is not in $group
    • Get the assigned role that $uid has in $group
    • Return true if the assigned role has the permission unity.admin or unity.admin_no_grant
    • Return false if the assigned role doesn't have the unity.approve_user permission
    • Return false if $operated_on's assigned role's priority is higher than or equal to $uid's assigned role priority
    • Otherwise return true

You will then create similar methods for:

  • unity.approve_user - Allows user to approve a user within a group
  • unity.deny_user - Allows user to deny a user within a group
  • unity.grant_role - Allows user to grant any role with a lower priority than theirs
  • unity.revoke_role - Allows user to revoke any role with a lower priority than theirs

These permissions exist but do not need methods like the above, since they are blanket permissions:

  • unity.admin_no_grant - Allows for every permission within a group, but you cannot make others admins
  • unity.admin - Allows for every permission within a group, including assigning this permission

This issue will involve creating helper methods in UnitySQL for the queries, as well as creating the UnityPerms class, which is new. It could be helpful to include helper private methods in UnityPerms for getting the assigned role of a user within a group, or any other repeated code that happens in the checkXYZ methods defined above. Also note that the assign role and revoke role check methods will require an additional parameter $role to check whether the role they are trying to assign is able to be assigned.
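The check sequence above, written out as an added illustration that is not the project's own code: in-memory arrays stand in for the $SQL lookups, and the role names, priorities, the handling of a target with no assigned role, and the shape of checkGrantRole with its extra $role parameter are assumptions.

```php
<?php
// Added illustration of the check sequence described in this issue, not the project's code.
// In-memory arrays stand in for the $SQL lookups; role names, priorities, the handling of a
// target with no assigned role, and the shape of checkGrantRole are assumptions.
final class UnityPerms
{
    // $roles: name => ['priority' => int, 'perms' => string[]]; $memberships: group => [uid => role]
    public function __construct(private array $roles, private array $memberships) {}

    private function assignedRole(string $uid, string $group): ?array
    {
        $name = $this->memberships[$group][$uid] ?? null;
        return $name === null ? null : $this->roles[$name];
    }

    private function hasPerm(array $role, string $perm): bool
    {
        return in_array($perm, $role['perms'], true);
    }

    // Shared sequence: membership, blanket admin perms, the specific perm, then priority.
    private function checkOnUser(string $perm, string $uid, string $operated_on, string $group): bool
    {
        $actor = $this->assignedRole($uid, $group);
        if ($actor === null) return false;                                   // $uid is not in $group
        if ($this->hasPerm($actor, 'unity.admin') || $this->hasPerm($actor, 'unity.admin_no_grant')) return true;
        if (!$this->hasPerm($actor, $perm)) return false;
        $target = $this->assignedRole($operated_on, $group);                 // null: no role assigned yet
        return $target === null || $target['priority'] < $actor['priority']; // equal or higher rank blocks
    }

    public function checkApproveUser(string $uid, string $operated_on, string $group): bool
    {
        return $this->checkOnUser('unity.approve_user', $uid, $operated_on, $group);
    }

    // Extra $role parameter: admin_no_grant may not hand out a role that carries unity.admin,
    // and anyone below unity.admin may only grant roles ranked strictly below their own.
    public function checkGrantRole(string $uid, string $operated_on, string $group, string $role): bool
    {
        $actor = $this->assignedRole($uid, $group);
        $granted = $this->roles[$role] ?? null;
        if ($actor === null || $granted === null) return false;
        if ($this->hasPerm($granted, 'unity.admin') && !$this->hasPerm($actor, 'unity.admin')) return false;
        if ($this->hasPerm($actor, 'unity.admin') || $this->hasPerm($actor, 'unity.admin_no_grant')) return true;
        if ($granted['priority'] >= $actor['priority']) return false;
        return $this->checkOnUser('unity.grant_role', $uid, $operated_on, $group);
    }
}
```

checkDenyUser and checkRevokeRole follow the same shape with their own permission names; the strict `<` on priority is what stops two holders of the same role from approving, denying or re-ranking each other.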

Labels: feature (New feature or request)