I want to create a Component with one mysql-table to store users data and I need to apply different group privileges to each database entry.
Is there an easy way to use the built-in Access Control System of modx (Revolution) to check Access Rights?
Is there anything like e.g. $modx->hasAccess()?
Or is there an article or a tutorial about how to use the Access Control System?
$tests = $modx->getCollection('modTest'); foreach ($tests as $test) { echo $test->get('name')."<br />"; }
The issue with modUser is in loadAttributes(). The first parameter is target, which identifies the modAccess derivatives to load user policies for. Unless you add code in the case statements to handle modAccessTest, atm the users will never get the policies they need to get permission to this ACL target. I will work on adding a generic handler for this today, so custom targets like modAccessTest can be automatically loaded.
Many, many thanks for your detailed reply. That’s what I was looking for. But I didn’t understand the thing with extending modUser...
Can you share your findPolicy() implementation?
Then I implemented findPolicy() to modtest.class.php.
Is it because I didn’t extend modUser? Or maybe because I used the wrong xPDO method?
If it’s just the modUser thing it would be great to get this patched file.
Unless you add code in the case statements to handle modAccessTest, atm the users will never get the policies they need to get permission to this ACL target.I already tried to copy both modAccessContext-case statements in moduser.class.php and changed them to modAccessTest, but it won’t work. I think I’ll wait for your updated modUser file to not have to hack the core file. Do you already know when the new file is ready to use?
class modTest extends modAccessibleSimpleObject {
public function __construct(& $xpdo) {
parent :: __construct($xpdo);
}
public function findPolicy($context = ’’) {
$policy = array();
$context = !empty($context) ? $context : $this->xpdo->context->get(’key’);
if (empty($this->_policies) || !isset($this->_policies[$context])) {
$accessTable = $this->xpdo->getTableName(’modAccessTest’);
$policyTable = $this->xpdo->getTableName(’modAccessPolicy’);
$sql = "SELECT acl.target, acl.principal, acl.authority, acl.policy, p.data FROM {$accessTable} acl " .
"LEFT JOIN {$policyTable} p ON p.id = acl.policy " .
"WHERE acl.principal_class = ’modUserGroup’ " .
"AND acl.target = :context " .
"GROUP BY acl.target, acl.principal, acl.authority, acl.policy";
$bindings = array(
’:context’ => $this->get(’key’)
);
$query = new xPDOCriteria($this->xpdo, $sql, $bindings);
if ($query->stmt && $query->stmt->execute()) {
while ($row = $query->stmt->fetch(PDO::FETCH_ASSOC)) {
$policy[’modAccessTest’][$row[’target’]][] = array(
’principal’ => $row[’principal’],
’authority’ => $row[’authority’],
’policy’ => $row[’data’] ? xPDO :: fromJSON($row[’data’], true) : array(),
);
}
}
$this->_policies[$context] = $policy;
} else {
$policy = $this->_policies[$context];
}
return $policy;
}
}
$modx->setDebug(true); $tests = $modx->getCollection('modTest'); foreach ($tests as $test) { echo $test->get('name')."<br />"; }
$targets = array('modAccessContext', 'modAccessResourceGroup', 'modAccessCategory');
$targets = array('modAccessContext', 'modAccessResourceGroup', 'modAccessCategory', 'modAccessTest');
Array ( [modx.user.contextTokens] => Array ( [web] => 2 ) [modx.user..attributes] => Array ( [web] => Array ( [modAccessContext] => Array() [modAccessResourceGroup] => Array() [modAccessCategory] => Array() [modAccessTest] => Array() ) ) [webDocgroups] => Array ( [0] => 1 ) [webShortname] => testuser [webFullname] => testuser [webEmail] => [email protected] [webValidated] => 1 [webInternalKey] => 2 [webValid] => OWJhNmYyZFc5MjkwZGJiODIwYuAtNDVjOGZhujVmOWQ= [webUser] => bxlrQXRydWEtZXI= [webFailedlogins] => 0 [webLastlogin] => 1254823266 [webnrlogins] => 15 [webUserGroupNames] => [modx.web.session.cookie.lifetime] => 0 [modx.request.referrer.redirected] => Array ( [id] => 8 [rememberme] => [returnUrl] => /modx/index.php?id=8 [service] => login [username] => testuser [password] => testuser [Login] => Login ) [modx.user.2.attributes] => Array ( [web] => Array ( [modAccessContext] => Array ( [web] => Array ( [0] => Array ( [principal] => 2 [authority] => 9999 [policy] => Array ( [create] => 1 [delete] => 1 [load] => 1 [list] => 1 [remove] => 1 [save] => 1 [view] => 1 ) ) ) ) [modAccessResourceGroup] => Array ( [1] => Array ( [0] => Array ( [principal] => 2 [authority] => 9999 [policy] => Array ( [create] => 1 [delete] => 1 [load] => 1 [list] => 1 [remove] => 1 [save] => 1 [view] => 1 ) ) ) ) [modAccessCategory] => Array() [modAccessTest] => Array() ) ) )