Class: SessionAcl

SessionAcl SessionAcl( [mixed $user = false], [mixed $role = 'anonymous'], [mixed $team = 'core'], [mixed $teams = false])

array adminRoles( )

Returns the list of roles which are admins.

boolean allowed( [mixed $resource = 'documents'], [string $access = 'rw'], [string $type = 'resource'])

Specifies whether the user is allowed to access the requested

resource. $resource may be a string, or an object or associative array with the properties name, sitellite_access, sitellite_status, and optionally, sitellite_team. Valid $access values are r, w, and rw (read, write, and read/write). Valid $type values are resource, access, status, and team.

Tags:

Parameters:

array allowedAccessList( )

Returns an array of allowed access levels for the current user.

If the user is allowed to access all levels, this method returns an array containing a single item "all".

Tags:

string allowedSql( )

Returns a piece of SQL that can be slipped into the WHERE clause of a query to check for proper permissions.

Tags:

array allowedStatusList( )

Returns an array of allowed statuses for the current user. If the

user is allowed to access all statuses, this method returns an array containing a single item "all". If the user is not an admin user, it will return a single value "approved", because that is the only status non-admins can access.

Tags:

array allowedTeamsList( [boolean $list = false])

Returns an array of allowed teams for the current user. If the

user is not an administrator, in which case teams are not relevant, or if the user is allowed to access all teams, this method returns an array containing a single item "all". This is true unless the $list parameter is set to true, in which case a list of all the teams is returned instead.

Tags:

Parameters:

string approvedSql( )

Returns a piece of SQL that can be slipped into the WHERE clause of

a query to check for proper permissions, but that only returns items with a status of "approved". This being separated from allowedSql() allows you to display drafts in private (ie. administrative) lists of items in your code, but by using this method instead on public-facing pages, you can be sure that they will only see actually approved documents, and will still be granted access based on their access privileges.

This method also ignores the sitellite_team value, which allowedSql() does not (providing editing restrictions based on teams).

Tags:

void init( [mixed $path = 'inc/conf/auth'])

void initPrefs( )

boolean isAdmin( )

Determines whether the current user belongs to an administrative role.

Tags:

boolean isResource( string $name)

Determines whether the specified resource name exists.

Tags:

Parameters:

mixed pref( string $name)

Returns the value of the specified preference setting.

Tags:

Parameters:

mixed prefSet( string $name, mixed $value)

Alters the value of the specified preference setting, in the current session AND in the database. Returns false on failure to update.

Returns the previous value on success.

Tags:

Parameters:

void verify( [mixed $userDisabled = false])