Roles and Teams: Sitellite's Access Control System

Code Examples

Sitellite's access control features can be accessed programmatically when you're building custom apps, from anywhere within your app libraries, boxes, forms, or properties. This is done using the following functions:

boolean session_allowed (mixed resource, string access, string type)

This function is the main permission verification function. It is used as follows:

<?php
// Is the user allowed to access this app?
if (! session_allowed ('app_myapp', 'rw', 'resource')) {
die ('Failed');
}
echo 'Passed';
// Is the user allowed to read the private access level?
if (! session_allowed ('private', 'r', 'access')) {
die ('Failed');
}
echo 'Passed';
// Is the user allowed to view the archived status?
if (! session_allowed ('archived', 'r', 'status')) {
die ('Failed');
}
echo 'Passed';
// Is the user allowed to write to the marketing team?
if (! session_allowed ('marketing', 'w', 'team')) {
die ('Failed');
}
echo 'Passed';
// Is the user allowed to read a specific web page?
$page = db_single (
'select * from sitellite_page where id = ?',
'some-page-id'
);
if (! session_allowed ($page, 'r')) {
die ('Failed');
}
echo 'Passed';
?>

boolean session_is_resource (string name)

This function simply checks whether the specified resource exists.

<?php
if (! session_is_resource ('app_myapp')) {
die ('This app has not been defined as a resource by the site admin');
}
?>

boolean session_admin ()

This function determines whether the current user is an administrative user or not.

<?php
if (! session_admin ()) {
die ('The current user is not an admin-level user');
}
?>

boolean session_valid ()

This function checks whether the current user is logged in or not.

<?php
if (! session_valid ()) {
die ('The user is not logged in');
}
?>

string session_role ()

This function returns the current user's role.

<?php echo 'The user is a ' . session_role (); ?>

string session_team ()

This function returns the current user's team.

<?php echo 'The user is a member of ' . session_team (); ?>

string session_allowed_sql ()
string session_approved_sql ()

These functions return a string that can be concatenated into an SQL query's WHERE clause to limit it to results that the current user is allowed to view. The first function is used for admin-level users, and the second for non-admin users. The difference is that non-admins are always restricted to the approved status.

<?php
$sql = 'select * from sitellite_page where id = ? and ';
if (session_admin ()) {
$sql .= session_allowed_sql ();
} else {
$sql .= session_approved_sql ();
}
$page = db_single ($sql, 'some-page-id');
// ...
?>
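As an added example (not from the Sitellite documentation), the following helper combines the functions above into one fail-closed page lookup: it requires a login, checks the app resource, pushes the row-level filter into the query, and re-checks the fetched row with the object form of session_allowed (). The resource name 'app_myapp', the helper name get_page_for_current_user (), and the assumption that db_single () returns false when no row matches are assumptions of this example, not statements from the docs.

```php
<?php
// Added example: one fail-closed lookup for a page id taken from a request.
// Assumes the app resource is named 'app_myapp' (as in the examples above)
// and that db_single () returns false when no row matches the query.
function get_page_for_current_user ($id) {
    // 1. Anonymous visitors never receive raw page rows from this helper.
    if (! session_valid ()) {
        return false;
    }
    // 2. Coarse check: may this user use the app at all? Read access is
    //    enough for a lookup; writes are checked where they happen.
    if (! session_allowed ('app_myapp', 'r', 'resource')) {
        return false;
    }
    // 3. Row-level filter pushed into SQL, exactly as described above:
    //    admins get the allowed-set filter, everyone else is additionally
    //    restricted to the approved status. The id stays a bound parameter,
    //    so the user-supplied value never touches the query text.
    $sql = 'select * from sitellite_page where id = ? and ';
    if (session_admin ()) {
        $sql .= session_allowed_sql ();
    } else {
        $sql .= session_approved_sql ();
    }
    $page = db_single ($sql, $id);
    if (! $page) {
        // No such row, or a row the filter hid: both are reported the same
        // way, so the response does not reveal that a restricted page exists.
        return false;
    }
    // 4. Defence in depth: re-check the fetched object itself before
    //    handing it back, in case the SQL fragment and the per-object rule
    //    ever disagree.
    if (! session_allowed ($page, 'r')) {
        return false;
    }
    return $page;
}

// Usage: the id comes straight from the request and is treated as untrusted.
$id = isset ($_GET['id']) ? $_GET['id'] : '';
$page = get_page_for_current_user ($id);
if (! $page) {
    die ('Not found');
}
echo 'Loaded page ' . $page->id;
?>
```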
As you can see, Sitellite's access control system is very flexible and highly customizable at all levels. Now you have the concepts and examples to take full advantage of it.
Copyright © 2008, SIMIAN systems Inc. All rights reserved.