-- all -- People Communities
[Browse] [Tag cloud]

Welcome to Elgg's documentation

This is the place to find documentation on all aspects of Elgg. If you would like to contribute your own documentation please do; we want this to be a real community effort!

From Elgg Documentation

Contents 1 Introduction 2 Limit access programaticaly 3 Limit the access by configuration 4 Notes

[edit] Introduction

The role plugin provides a way to manage/restrict the access to some functionalities by roles.

It comes with an easy UI that let you specify the activities allowed by role and who have each role.

However manage roles and users is not enough, you will need to add some lines of code to your plugin for make use of this functionality. This little HOWTO explains how to use the privided API to make your plugin role managed friendly

[edit] Limit access programaticaly

If you are developing a new plugin for your site and you know that it should be restricted for some specific roles, this is the option for you.

Restrict access programaticaly is straightforward the only thing that you need to do is use the has_role function to limit the options showed in menus and submenus.

For example:

 myplugin_pagesetup(){
 ...
   if(isloggedin() && (isadmin($USER->ident) ||  has_role("manager",$USER->ident))){
     $PAGE->menu[]= array (
         'name' => 'myplugin',
         'html' =>  "<li>".a_href($CFG->wwwroot.user_info('username',$USER->ident)."/myplugin /",__gettext("My plugin"))."</li>");    
   }

   if(defined('context') && context == "myplugin" && (isadmin($USER->ident) ||   has_role("manager",$USER->ident))){
     $PAGE->menu_sub[] = array(
     	'name' => "myplugin",
         'html' =>  a_href($CFG->wwwroot.user_info('username',$USER->ident)."/myplugin/module /action",__gettext("My action")));
   }
 
 ...
 }

Would restrict the access to myplugin to users that have the manager role.

[edit] Limit the access by configuration

If you are not sure if you wants to restrict your plugin for an specific role but you think that could be great to support that possibility this is your way. With this approach you can use the provided UI to restrict the access for your plugin.

Restrict access by configuration is straightforward too. The only thing that you need to do is use the role_can_access function to limit the options showed in menus and submenus.

For example:

 myplugin_pagesetup(){
 ...
   if(isloggedin() && (isadmin($USER->ident) ||  role_can_access("myplugin",$USER->ident))){
     $PAGE->menu[]= array (
         'name' => 'myplugin',
         'html' =>  "<li>".a_href($CFG->wwwroot.user_info('username',$USER->ident)."/myplugin /",__gettext("My plugin"))."</li>");    
   }

   if(defined('context') && context == "myplugin" && (isadmin($USER->ident) ||   has_role("myplugin",$USER->ident))){
     $PAGE->menu_sub[] = array(
     	'name' => "myplugin",
         'html' =>  a_href($CFG->wwwroot.user_info('username',$USER->ident)."/myplugin/module /action",__gettext("My action")));
   }
 
 ...
 }

[edit] Notes

• In role/lib.php you can find a couple of functions that would be useful too.
• Remember that don't show your plugin on the menu and submenu didn't implies that your plugin could be accessed by URL. You need to use the same functions in your plugin pages to make sure that your plugin is accessed only for the right people.