HobbyHome/kirby-permissions
1
0
Fork 0
Code Issues 1 Releases Activity

Create the hook and methods required to allow permissions checking based on tags.

Browse Source
This commit is contained in:
2026-04-20 12:26:32 +10:00
parent 7d086d492a
commit f729c7ac43
3 changed files with 105 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
blueprints/fields/permission-access.yml Normal file
View File

@@ -0,0 +1,8 @@
type: fields
fields:
permissionAccess:
label: Access Permission
type: tags
options: query
query: site.getPermissionTags

8
blueprints/fields/permission-user.yml Normal file
View File

@@ -0,0 +1,8 @@
type: fields
fields:
permissionUser:
label: User Permissions
type: tags
options: query
query: site.getPermissionTags

89
index.php
View File

@@ -14,6 +14,62 @@
Kirby::plugin( Kirby::plugin(
name: "hobbyhome/permissions", name: "hobbyhome/permissions",
extends: [ extends: [
"options" => [
"excludeAdmin" => true,
"inherit" => true,
],
"blueprints" => [
"fields/permission-user" => __DIR__ . "/blueprints/fields/permission-user.yml",
"fields/permission-access" => __DIR__ . "/blueprints/fields/permission-access.yml",
],
"hooks" => [
"page.render:before" => function ($contentType, $data, $page) {
if (!$page->hasPerm()) {
go(site()->errorPage(), 403);
}
return $data;
},
"permissions.page:check" => function ($permission, $page, $field = "permissionAccess", $inherit = null) {
$permission = hasPerm($page, $field);
if ($permission) {
if (is_null($inherit)) {
$inherit = option("hobbyhome.permissions.inherit");
}
if ($inherit) {
// We're inheriting permissions.
// Ensure user has access to parent pages.
foreach ($page->parents() as $parent) {
if (!hasPerm($parent, $field)) {
$permission = false;
break;
}
}
}
}
return $permission;
}
],
"pageMethods" => [
"hasPerm" => function ($field = "permissionAccess", $inherit = null) {
$permission = false;
return kirby()->apply("permissions.page:check", ["permission" => $permission, "page" => $this, "field" => $field, "inherit" => $inherit], "permission");
},
],
"siteMethods" => [
"getPermissionTags" => function() {
$userPermissions = kirby()->users()->pluck("permissionUser", ",", true);
$accessPermissions = $this->index(true)->pluck("permissionAccess", ",", true);
$availablePermissions = A::merge($userPermissions, $accessPermissions);
return $availablePermissions;
},
],
], ],
info: [ info: [
"authors" => [[ "authors" => [[
@@ -25,3 +81,36 @@ Kirby::plugin(
"version" => "0.0.0", "version" => "0.0.0",
], ],
); );
/**
* Check if a user has the permission set on $object->$field().
*/
function hasPerm($object, $field = "permissionAccess") {
$hasPerm = false;
if ($object->$field()->isEmpty()) {
// Permission is not restricted.
$hasPerm = true;
} elseif ($user = kirby()->user()) {
if (option("hobbyhome.permissions.excludeAdmin") and $user->role()->isAdmin()) {
// User is an admin and excluded from permission checks.
$hasPerm = true;
} else {
// Get user permissions.
$userPermissions = $user->permissionUser()->split();
// Get object permissions.
$objectPermissions = $object->$field()->split();
// Check if at least one object permission is in the list of user permissions.
foreach ($objectPermissions as $permission) {
if (A::has($userPermissions, $permission, true)) {
$hasPerm = true;
break;
}
}
}
}
return $hasPerm;
}