Checking Permissions

Improvements?

Let us know by posting here.

Checking Complex Permission Keys

For permissions with granular control, like "Edit Page Properties," the process involves more detailed checks. To determine specific permissions, such as editing a page name, follow these steps:

  1. Retrieve the permission key:

    $key = \Concrete\Core\Permission\Key\Key::getByHandle('edit_page_properties');
    
  2. Set the permission object:

    $c = \Page::getCurrentPage();
    $key->setPermissionObject($this->page);
    
  3. Since "Edit Page Properties" is an advanced permission key, it's an instance of [Concrete\Core\Permission\Key\EditPagePropertiesKey]. Use its getMyAssignment method to get a [Concrete\Core\Permission\Access\ListItem\EditPagePropertiesListItem] instance:

    $assignment = $key->getMyAssignment();
    
  4. This method contains all necessary functions to check specific actions under the Edit Page Properties permission. For instance, to check if a user can edit the page's name:

    if ($assignment->allowEditName()) {
       // User can edit the page's name
    }
    

This approach is generally used for permission keys with advanced capabilities, retrieving a list item object that defines the current user's permissions.

Checking Permissions for Different Users or Groups

To check permissions for users or groups other than the currently logged-in user, follow these steps:

Check Page for Guest Group Viewing

  1. Get the permission key for View Page:

    $key = Key::getByHandle('view_page');
    
  2. Set the permission object:

    $key->setPermissionObject($page);
    
  3. Retrieve the access object for the key/object combination:

    $access = $key->getPermissionAccessObject();
    if (!$access) {
       return false;
    }
    
  4. Get the access entity for the Guest Group:

    $guestGroup = \Concrete\Core\User\Group\Group::getByID(GUEST_GROUP_ID);
    $entity = \Concrete\Core\Permission\Access\Entity\GroupEntity::getOrCreate($guestGroup);
    
  5. Validate the access object against the Guest Group entity:

    return $access->validateAccessEntities([$entity]);
    

Check File Download Permission for a Specific User

  1. Retrieve the permission key for View File:

    $key = Key::getByHandle('view_file');
    
  2. Set the permission object:

    $file = \File::getByID(10);
    $key->setPermissionObject($file);
    
  3. Retrieve the access object for the key/object combination:

    $access = $key->getPermissionAccessObject();
    if (!$access) {
       return false;
    }
    
  4. Get the User object for the specific user:

    $info = \User::getByName('andrew');
    
  5. Retrieve all access entities for that user:

    $entities = \Concrete\Core\Permission\Access\Entity\Entity::getForUser($info);
    
  6. Pass the entities to the access object to validate:

    return $access->validateAccessEntities($entities);
    

This approach lets you check whether specific users or groups, like the Guest group or a particular user, have the necessary permissions.

Full List of Permission Keys

Handle Name Category Custom Class Can Trigger Workflow
access_api Access API admin No No
access_page_defaults Access Page Type Defaults admin No No
access_page_type_permissions Access Page Type Permissions admin No No
access_task_permissions Access Task Permissions admin No No
add_topic_tree Add Topic Tree admin No No
customize_themes Customize Themes admin No No
edit_topic_tree Edit Topic Tree admin No No
empty_trash Empty Trash admin No No
manage_layout_presets Manage Layout Presets admin No No
remove_topic_tree Remove Topic Tree admin No No
upgrade Upgrade Concrete admin No No
view_announcement_content View Announcement Content admin No No
view_in_maintenance_mode View Site in Maintenance Mode admin No No
add_block_to_area Add Block to Area area Yes No
add_layout_to_area Add Layouts to Area area No No
add_stack_to_area Add Stack to Area area No No
delete_area_contents Delete Area Contents area No No
edit_area_contents Edit Area Contents area No No
edit_area_design Edit Area Design area No No
edit_area_permissions Edit Area Permissions area No No
schedule_area_contents_guest_access Schedule Guest Access area No No
view_area View Area area No No
approve_basic_workflow_action Approve or Deny basic_workflow No No
notify_on_basic_workflow_approve Notify on Approve basic_workflow No No
notify_on_basic_workflow_deny Notify on Deny basic_workflow No No
notify_on_basic_workflow_entry Notify on Entry basic_workflow No No
delete_block Delete Block block No No
edit_block Edit Block block No No
edit_block_cache_settings Edit Cache Settings block No No
edit_block_custom_template Change Block Template block No No
edit_block_design Edit Design block No No
edit_block_name Edit Name block No No
edit_block_permissions Edit Permissions block No No
schedule_guest_access Schedule Guest Access block No No
view_block View Block block No No
add_block Add Block block_type Yes No
add_stack Add Stack block_type No No
delete_board Delete Board board No No
edit_board_contents Edit Contents board No No
edit_board_locked_rules Edit Locked Rules board No No
edit_board_permissions Edit Permissions board No No
edit_board_settings Edit Settings board No No
view_board View Board board No No
add_board Add Board board_admin No No
delete_boards Delete Boards board_admin No No
edit_boards_contents Edit Board Content board_admin No No
edit_boards_locked_rules Edit Locked Rules board_admin No No
edit_boards_permissions Edit Permissions board_admin No No
edit_boards_settings Edit Board Settings board_admin No No
view_boards View Boards board_admin No No
access_calendar_rss_feed Access RSS Feed calendar No No
add_calendar_event Add Calendar Event calendar No No
approve_calendar_event Approve Calendar Event calendar No Yes
delete_calendar Delete Calendar calendar No No
edit_calendar Edit Calendar calendar No No
edit_calendar_event_more_details_location Modify More Details Location calendar No No
edit_calendar_events Edit Calendar Events calendar No No
edit_calendar_permissions Edit Permissions calendar No No
view_calendar View Calendar calendar No No
view_calendar_in_edit_interface View in Edit Interface calendar No No
access_calendar_rss_feeds Access RSS Feeds calendar_admin No No
add_calendar Add Calendar calendar_admin No No
add_calendar_events Add Calendar Events calendar_admin No No
approve_calendar_events Approve Calendar Events calendar_admin No Yes
delete_calendars Delete Calendars calendar_admin No No
edit_calendars Edit Calendars calendar_admin No No
edit_calendars_permissions Edit Permissions calendar_admin No No
view_calendars View Calendars calendar_admin No No
view_category_tree_node View Category Tree Node category_tree_node No No
add_conversation_message Add Message to Conversation conversation Yes No
add_conversation_message_attachments Add Message Attachments conversation No No
approve_conversation_message Approve Message conversation No No
delete_conversation_message Delete Message conversation No No
edit_conversation_message Edit Message conversation No No
edit_conversation_permissions Edit Conversation Permissions conversation No No
flag_conversation_message Flag Message conversation No No
rate_conversation_message Rate Message conversation No No
delete_express_entry Delete Entry express_entry No No
edit_express_entry Edit Entry express_entry No No
view_express_entry View Entries express_entry No No
add_express_entries Add Entry express_tree_node No No
delete_express_entries Delete Entry express_tree_node No No
edit_express_entries Edit Entry express_tree_node No No
view_express_entries View Entries express_tree_node No No
copy_file Copy File file No No
delete_file Delete File file No No
edit_file_contents Edit File Contents file No No
edit_file_permissions Edit File Access file No No
edit_file_properties Edit File Properties file No No
view_file View Files file No No
view_file_in_file_manager View File in File Manager file No No
add_file Add File file_folder Yes No
copy_file_folder_files Copy File file_folder No No
delete_file_folder Delete File Folder file_folder No No
delete_file_folder_files Delete File file_folder No No
edit_file_folder Edit File Folder file_folder No No
edit_file_folder_file_contents Edit File Contents file_folder No No
edit_file_folder_file_properties Edit File Properties file_folder No No
edit_file_folder_permissions Edit File Access file_folder No No
search_file_folder Search File Folder file_folder No No
view_file_folder_file View Files file_folder No No
add_group Add Group group_folder No No
add_group_folder Add Group Folder group_folder No No
assign_groups Assign Groups group_folder No No
delete_group_folder Delete Group Folder group_folder No No
edit_group_folder Edit Group Folder group_folder No No
edit_group_folder_permissions Edit Group Access group_folder No No
search_group_folder Search Group Folder group_folder No No
add_sub_group Add Child Group group_tree_node No No
assign_group Assign Group group_tree_node No No
edit_group Edit Group group_tree_node No No
edit_group_permissions Edit Group Permissions group_tree_node No No
search_users_in_group Search User Group group_tree_node No No
delete_log_entries Delete Log Entries logs No No
export_log_entries Export Log Entries logs No No
view_log_entries View Log Entries logs No No
install_packages Install Packages marketplace No No
uninstall_packages Uninstall Packages marketplace No No
notify_in_notification_center Notify in Notification Center notification Yes No
add_subpage Add Sub-Page page Yes No
approve_page_versions Approve Changes page No Yes
delete_page Delete page No Yes
delete_page_versions Delete Versions page No Yes
edit_page_contents Edit Contents page No No
edit_page_multilingual_settings Edit Multilingual Settings page No No
edit_page_page_type Edit Page Type page No No
edit_page_permissions Edit Permissions page No Yes
edit_page_properties Edit Properties page Yes No
edit_page_speed_settings Edit Speed Settings page No No
edit_page_template Change Page Template page No No
edit_page_theme Change Theme page Yes No
move_or_copy_page Move or Copy Page page No Yes
preview_page_as_user Preview Page As User page No No
schedule_page_contents_guest_access Schedule Guest Access page No No
view_page View page No No
view_page_in_sitemap View Page in Sitemap page No No
view_page_versions View Versions page No No
add_page_type Add Pages of This Type page_type No No
delete_page_type Delete Page Type page_type No No
edit_page_type Edit Page Type page_type No No
edit_page_type_drafts Edit Page Type Drafts page_type No No
edit_page_type_permissions Edit Page Type Permissions page_type No No
access_sitemap Access Sitemap sitemap No No
view_topic_tree_node View Topic Tree Node topic_tree_node No No
access_group_search Access Group Search user No No
access_user_search Access User Search user No No
access_user_search_export Export Site Users user No No
activate_user Activate/Deactivate User user No Yes
delete_user Delete User user No Yes
edit_user_properties Edit User Details user Yes No
sudo Sign in as User user No No
view_user_attributes View User Attributes user Yes No