ASISG
Gy - php framework/CMS | Documentation | User group
Groups of users
Each user can belong to several user groups. Each group gives permission for certain actions in the system (user actions).
In the admin panel, you can go to -> "Users", and then click "change" with the necessary user, and there will be the setting "Rights Group:", where you can choose which user groups the changed user belongs to.
You can also customize or create new user groups. This can be done in the admin panel -> "Users", then the button "setting permissions groups". On the page that opens, you can change the existing groups and create new ones; at the same time, custom actions are set for the groups. These actions are specified when installing the modules (when this will be implemented) and there are always a certain number of them in the system (the user cannot set new ones or delete them).
Currently there are actions:
- "Show admin panel" (show_admin_panel) - this action allows an authorized user to view admin pages;
- "Edit All (Admin)" (action_all) - this action is for admins who are allowed everything;
- "Edit all container-data" (edit_container_data) - change of all data containers (can be set for users - content manager);
- "Change users (except admins)" (edit_users) - this action allows you to change users except administrators.
Note:
- you cannot change or delete groups default data after installation it - "Admins", "Content", "Admins for users (user_admin)";
- only admins can work (change, create, delete) with groups;
- no one can change the group "Admins (admins)" (even the admin, so that there is no option for all admins to disappear, by chance);
- if the user belongs to several groups, then the rights assigned to these groups are summarized, i.e. the user will have access to all user actions set for all his groups.
An example of working with groups in code
To work with groups, the accessUserGroup class was created (gy/classes/accessUserGroup.php) which contains all the necessary methods.
For example, on the admin pages to check if the current user is allowed to view the admin panel
accessUserGroup::accessThisUserByAction( 'show_admin_panel')
т.е. show_admin_panel - is a user action that allows you to view the admin panel.
Further, if on the admin page we are talking about changing users, then you need to check whether this action is available to the current user:
accessUserGroup::accessThisUserByAction( 'edit_users')