You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

The Access Control List (ACL) is made available to plugins so access may be restricted and configured under Staff Groups.

Adding to the ACL

To add your plugin to the ACL you must first decide under which permission group your access permissions will go. There are existing permission groups, but you may wish to create your own. To do so, invoke Permissions::addGroup().

/plugins/my_plugin/my_plugin_plugin.php
<?php
class MyPluginPlugin extends Plugin {
 
    ...
 
    public function install($plugin_id) {
        Loader::loadModels($this, (array("Permissions"));

		// Add a new permission group
        $group = array('name' => "Permission Group Name", 'level' => "staff", 'alias' => "my_plugin");
        $group_id = $this->Permissions->addGroup($group);
    }
}
?>

Once you have a permission group to reference, invoke Permissions::add() with the appropriate parameters to create your access permission, setting 'alias' as the controller class name (e.g. FooBar becomes foo_bar) and 'action' as the method to control (use * for all methods in a controller).

/plugins/my_plugin/my_plugin_plugin.php
<?php
class MyPluginPlugin extends Plugin {
 
    ...
 
    public function install($plugin_id) {
        Loader::loadModels($this, array("Permissions"));

		// Add a new permission group
        $group = array('name' => "Permission Group Name", 'level' => "staff", 'alias' => "my_plugin");
        $group_id = $this->Permissions->addGroup($group);

		// Add a new permission to the group
        $perm = array('group_id' => $group_id, 'name' => "Some Action", 'alias' => "my_plugin", 'action' => "someMethod");
        $this->Permissions->add($perm);
    }
}
?>

Clean up after your plugin

Be sure to remove any permissions or permission groups you've added when your plugin is uninstalled by using the Permissions::deleteGroup() and Permissions::delete() methods when your plugin's uninstall() method is called.

Once you've added all of your access permissions there is nothing more you need to do. Your plugin will be now only be made available according to the access permissions you've defined and have been configured.

Is my plugin required to use the ACL?

Your plugin is not required to use the ACL, but it's a good idea. Using the ACL allows users who install your plugin finer grained control over where your plugin can appear and who can use it.

  • No labels