Hello everyone!

I just wanted to share my implementation of granting specific permissions to members within the member module, based on two goals:

    Flexible Creation of Permissions
    Easy implementation

My original idea was to add a set of 'checkbox' typed inputs to the member implementation, but realized that carried some issues with flexible creation of permissions as it required manual editing of the associated PHP file if a new situation arose. So, instead, I created a related template containing only the following code:

Code: Select all
<cms:template clonable='1' name='member_permissions' title='Permissions' hidden='1'>
   <cms:editable type='text' name='allowed_access' label='Name of Accessible Area' />

Then, in the template that implements the Member profiles:

Code: Select all
<cms:editable type='relation' name='permissions' masterpage='**your permissions template location**' />

Then, to verify access - as an example, I'll say that it's for a blog where certain members and all administrators can post - you would create two pages for the Permissions with the allowed_access values 'admin' and 'blog'. Assign the permissions to the appropriate users, and in the blog posting area have the default value be that posting is enabled:

Code: Select all
<cms:if k_user_id gt '0'>   
   <cms:pages masterpage=k_user_template id=k_user_id >
      <cms:related_pages >
         <cms:if (allowed_access='admin') || (allowed_access='blog') >
            <cms:set permission_granted='y' 'global' />
      </cms:related_pages >
   <cms:if permission_granted ne 'y' >
      // code to address lack of permissions how you see fit.

The "user_id gt '0'" statement ensures that the superadmin has access to the pages when logged in.

There's probably a cleaner way of doing it, but this has allowed me to implement some fairly complex permissions based on employee location, job title, etc. by checking various combinations of permissions, i.e.

Code: Select all
<cms:if (allowed_access = 'admin') || (allowed_access = 'manager' && allowed_access = k_page_name) >