Checking Permissions
Checking Complex Permission Keys
For permissions with granular control, like "Edit Page Properties," the process involves more detailed checks. To determine specific permissions, such as editing a page name, follow these steps:
Retrieve the permission key:
$key = \Concrete\Core\Permission\Key\Key::getByHandle('edit_page_properties');
Set the permission object:
$c = \Page::getCurrentPage(); $key->setPermissionObject($this->page);
Since "Edit Page Properties" is an advanced permission key, it's an instance of [Concrete\Core\Permission\Key\EditPagePropertiesKey]. Use its
getMyAssignment
method to get a [Concrete\Core\Permission\Access\ListItem\EditPagePropertiesListItem] instance:$assignment = $key->getMyAssignment();
This method contains all necessary functions to check specific actions under the Edit Page Properties permission. For instance, to check if a user can edit the page's name:
if ($assignment->allowEditName()) { // User can edit the page's name }
This approach is generally used for permission keys with advanced capabilities, retrieving a list item object that defines the current user's permissions.
Checking Permissions for Different Users or Groups
To check permissions for users or groups other than the currently logged-in user, follow these steps:
Check Page for Guest Group Viewing
Get the permission key for View Page:
$key = Key::getByHandle('view_page');
Set the permission object:
$key->setPermissionObject($page);
Retrieve the access object for the key/object combination:
$access = $key->getPermissionAccessObject(); if (!$access) { return false; }
Get the access entity for the Guest Group:
$guestGroup = \Concrete\Core\User\Group\Group::getByID(GUEST_GROUP_ID); $entity = \Concrete\Core\Permission\Access\Entity\GroupEntity::getOrCreate($guestGroup);
Validate the access object against the Guest Group entity:
return $access->validateAccessEntities([$entity]);
Check File Download Permission for a Specific User
Retrieve the permission key for View File:
$key = Key::getByHandle('view_file');
Set the permission object:
$file = \File::getByID(10); $key->setPermissionObject($file);
Retrieve the access object for the key/object combination:
$access = $key->getPermissionAccessObject(); if (!$access) { return false; }
Get the User object for the specific user:
$info = \User::getByName('andrew');
Retrieve all access entities for that user:
$entities = \Concrete\Core\Permission\Access\Entity\Entity::getForUser($info);
Pass the entities to the access object to validate:
return $access->validateAccessEntities($entities);
This approach lets you check whether specific users or groups, like the Guest group or a particular user, have the necessary permissions.
Full List of Permission Keys
Handle | Name | Category | Custom Class | Can Trigger Workflow |
---|---|---|---|---|
access_api | Access API | admin | No | No |
access_page_defaults | Access Page Type Defaults | admin | No | No |
access_page_type_permissions | Access Page Type Permissions | admin | No | No |
access_task_permissions | Access Task Permissions | admin | No | No |
add_topic_tree | Add Topic Tree | admin | No | No |
customize_themes | Customize Themes | admin | No | No |
edit_topic_tree | Edit Topic Tree | admin | No | No |
empty_trash | Empty Trash | admin | No | No |
manage_layout_presets | Manage Layout Presets | admin | No | No |
remove_topic_tree | Remove Topic Tree | admin | No | No |
upgrade | Upgrade Concrete | admin | No | No |
view_announcement_content | View Announcement Content | admin | No | No |
view_in_maintenance_mode | View Site in Maintenance Mode | admin | No | No |
add_block_to_area | Add Block to Area | area | Yes | No |
add_layout_to_area | Add Layouts to Area | area | No | No |
add_stack_to_area | Add Stack to Area | area | No | No |
delete_area_contents | Delete Area Contents | area | No | No |
edit_area_contents | Edit Area Contents | area | No | No |
edit_area_design | Edit Area Design | area | No | No |
edit_area_permissions | Edit Area Permissions | area | No | No |
schedule_area_contents_guest_access | Schedule Guest Access | area | No | No |
view_area | View Area | area | No | No |
approve_basic_workflow_action | Approve or Deny | basic_workflow | No | No |
notify_on_basic_workflow_approve | Notify on Approve | basic_workflow | No | No |
notify_on_basic_workflow_deny | Notify on Deny | basic_workflow | No | No |
notify_on_basic_workflow_entry | Notify on Entry | basic_workflow | No | No |
delete_block | Delete Block | block | No | No |
edit_block | Edit Block | block | No | No |
edit_block_cache_settings | Edit Cache Settings | block | No | No |
edit_block_custom_template | Change Block Template | block | No | No |
edit_block_design | Edit Design | block | No | No |
edit_block_name | Edit Name | block | No | No |
edit_block_permissions | Edit Permissions | block | No | No |
schedule_guest_access | Schedule Guest Access | block | No | No |
view_block | View Block | block | No | No |
add_block | Add Block | block_type | Yes | No |
add_stack | Add Stack | block_type | No | No |
delete_board | Delete Board | board | No | No |
edit_board_contents | Edit Contents | board | No | No |
edit_board_locked_rules | Edit Locked Rules | board | No | No |
edit_board_permissions | Edit Permissions | board | No | No |
edit_board_settings | Edit Settings | board | No | No |
view_board | View Board | board | No | No |
add_board | Add Board | board_admin | No | No |
delete_boards | Delete Boards | board_admin | No | No |
edit_boards_contents | Edit Board Content | board_admin | No | No |
edit_boards_locked_rules | Edit Locked Rules | board_admin | No | No |
edit_boards_permissions | Edit Permissions | board_admin | No | No |
edit_boards_settings | Edit Board Settings | board_admin | No | No |
view_boards | View Boards | board_admin | No | No |
access_calendar_rss_feed | Access RSS Feed | calendar | No | No |
add_calendar_event | Add Calendar Event | calendar | No | No |
approve_calendar_event | Approve Calendar Event | calendar | No | Yes |
delete_calendar | Delete Calendar | calendar | No | No |
edit_calendar | Edit Calendar | calendar | No | No |
edit_calendar_event_more_details_location | Modify More Details Location | calendar | No | No |
edit_calendar_events | Edit Calendar Events | calendar | No | No |
edit_calendar_permissions | Edit Permissions | calendar | No | No |
view_calendar | View Calendar | calendar | No | No |
view_calendar_in_edit_interface | View in Edit Interface | calendar | No | No |
access_calendar_rss_feeds | Access RSS Feeds | calendar_admin | No | No |
add_calendar | Add Calendar | calendar_admin | No | No |
add_calendar_events | Add Calendar Events | calendar_admin | No | No |
approve_calendar_events | Approve Calendar Events | calendar_admin | No | Yes |
delete_calendars | Delete Calendars | calendar_admin | No | No |
edit_calendars | Edit Calendars | calendar_admin | No | No |
edit_calendars_permissions | Edit Permissions | calendar_admin | No | No |
view_calendars | View Calendars | calendar_admin | No | No |
view_category_tree_node | View Category Tree Node | category_tree_node | No | No |
add_conversation_message | Add Message to Conversation | conversation | Yes | No |
add_conversation_message_attachments | Add Message Attachments | conversation | No | No |
approve_conversation_message | Approve Message | conversation | No | No |
delete_conversation_message | Delete Message | conversation | No | No |
edit_conversation_message | Edit Message | conversation | No | No |
edit_conversation_permissions | Edit Conversation Permissions | conversation | No | No |
flag_conversation_message | Flag Message | conversation | No | No |
rate_conversation_message | Rate Message | conversation | No | No |
delete_express_entry | Delete Entry | express_entry | No | No |
edit_express_entry | Edit Entry | express_entry | No | No |
view_express_entry | View Entries | express_entry | No | No |
add_express_entries | Add Entry | express_tree_node | No | No |
delete_express_entries | Delete Entry | express_tree_node | No | No |
edit_express_entries | Edit Entry | express_tree_node | No | No |
view_express_entries | View Entries | express_tree_node | No | No |
copy_file | Copy File | file | No | No |
delete_file | Delete File | file | No | No |
edit_file_contents | Edit File Contents | file | No | No |
edit_file_permissions | Edit File Access | file | No | No |
edit_file_properties | Edit File Properties | file | No | No |
view_file | View Files | file | No | No |
view_file_in_file_manager | View File in File Manager | file | No | No |
add_file | Add File | file_folder | Yes | No |
copy_file_folder_files | Copy File | file_folder | No | No |
delete_file_folder | Delete File Folder | file_folder | No | No |
delete_file_folder_files | Delete File | file_folder | No | No |
edit_file_folder | Edit File Folder | file_folder | No | No |
edit_file_folder_file_contents | Edit File Contents | file_folder | No | No |
edit_file_folder_file_properties | Edit File Properties | file_folder | No | No |
edit_file_folder_permissions | Edit File Access | file_folder | No | No |
search_file_folder | Search File Folder | file_folder | No | No |
view_file_folder_file | View Files | file_folder | No | No |
add_group | Add Group | group_folder | No | No |
add_group_folder | Add Group Folder | group_folder | No | No |
assign_groups | Assign Groups | group_folder | No | No |
delete_group_folder | Delete Group Folder | group_folder | No | No |
edit_group_folder | Edit Group Folder | group_folder | No | No |
edit_group_folder_permissions | Edit Group Access | group_folder | No | No |
search_group_folder | Search Group Folder | group_folder | No | No |
add_sub_group | Add Child Group | group_tree_node | No | No |
assign_group | Assign Group | group_tree_node | No | No |
edit_group | Edit Group | group_tree_node | No | No |
edit_group_permissions | Edit Group Permissions | group_tree_node | No | No |
search_users_in_group | Search User Group | group_tree_node | No | No |
delete_log_entries | Delete Log Entries | logs | No | No |
export_log_entries | Export Log Entries | logs | No | No |
view_log_entries | View Log Entries | logs | No | No |
install_packages | Install Packages | marketplace | No | No |
uninstall_packages | Uninstall Packages | marketplace | No | No |
notify_in_notification_center | Notify in Notification Center | notification | Yes | No |
add_subpage | Add Sub-Page | page | Yes | No |
approve_page_versions | Approve Changes | page | No | Yes |
delete_page | Delete | page | No | Yes |
delete_page_versions | Delete Versions | page | No | Yes |
edit_page_contents | Edit Contents | page | No | No |
edit_page_multilingual_settings | Edit Multilingual Settings | page | No | No |
edit_page_page_type | Edit Page Type | page | No | No |
edit_page_permissions | Edit Permissions | page | No | Yes |
edit_page_properties | Edit Properties | page | Yes | No |
edit_page_speed_settings | Edit Speed Settings | page | No | No |
edit_page_template | Change Page Template | page | No | No |
edit_page_theme | Change Theme | page | Yes | No |
move_or_copy_page | Move or Copy Page | page | No | Yes |
preview_page_as_user | Preview Page As User | page | No | No |
schedule_page_contents_guest_access | Schedule Guest Access | page | No | No |
view_page | View | page | No | No |
view_page_in_sitemap | View Page in Sitemap | page | No | No |
view_page_versions | View Versions | page | No | No |
add_page_type | Add Pages of This Type | page_type | No | No |
delete_page_type | Delete Page Type | page_type | No | No |
edit_page_type | Edit Page Type | page_type | No | No |
edit_page_type_drafts | Edit Page Type Drafts | page_type | No | No |
edit_page_type_permissions | Edit Page Type Permissions | page_type | No | No |
access_sitemap | Access Sitemap | sitemap | No | No |
view_topic_tree_node | View Topic Tree Node | topic_tree_node | No | No |
access_group_search | Access Group Search | user | No | No |
access_user_search | Access User Search | user | No | No |
access_user_search_export | Export Site Users | user | No | No |
activate_user | Activate/Deactivate User | user | No | Yes |
delete_user | Delete User | user | No | Yes |
edit_user_properties | Edit User Details | user | Yes | No |
sudo | Sign in as User | user | No | No |
view_user_attributes | View User Attributes | user | Yes | No |