Programmatically Setting Permissions
Change Permissions on a File
Permissions of objects can be set programmatically. Enable Advanced Permissions in the dashboard, then follow this example:
use Concrete\Core\Permission\Key\Key as PermissionKey;
use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
use Concrete\Core\Permission\Access\Entity\UserEntity as UserPermissionAccessEntity;
// override parent folder permissions
$f->resetPermissions(1);
// remove Guest access
$pk = PermissionKey::getByHandle('view_file');
$pk->setPermissionObject($f);
$pa = $pk->getPermissionAccessObject();
$pe = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
$pa->removeListItem($pe);
// enable access by a group
$g = UserGroup::getByName('VIPs');
if (is_object($g)) {
$pae = GroupPermissionAccessEntity::getOrCreate($g);
$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}
// enable access by an individual user
$ui = UserInfo::getByID($uID);
if (is_object($ui)) {
$pae = UserPermissionAccessEntity::getOrCreate($ui);
$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}
// apply the permissions changes
$pa->markAsInUse();
Programmatically Setting Folder Permissions in File Manager
Obtaining a Folder Object
Get a Folder Object using these methods, with $folderObject
as the resulting Folder Object.
Create a new folder at the root:
use Concrete\Core\File\Filesystem;
use Concrete\Core\Tree\Node\Type\FileFolder;
$fileSystem = new Filesystem();
$root = $fileSystem->getRootFolder();
$folderObject = FileFolder::add('Test Folder', $root);
Get a folder by name:
use Concrete\Core\Tree\Node\Node;
$folderObject = Node::getNodeByName('Test Folder');
Get or create a folder at the root:
use Concrete\Core\File\Filesystem;
use Concrete\Core\Tree\Node\Type\FileFolder;
$fileSystem = new Filesystem();
$root = $fileSystem->getRootFolder();
$folderObject = $root->getChildFolderByName('Test Folder', true);
Setting Permissions
Remove viewing permissions for non-logged-in users from a Folder Object.
Setting up and applying new permissions:
use Concrete\Core\Permission\Access\Entity\GroupEntity;
use Concrete\Core\User\Group\Group;
use Concrete\Core\Permission\Key\Key;
use Concrete\Core\Permission\Access\Access;
folderObject->setTreeNodePermissionsToOverride();
$permissionEntity = GroupEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
$permissionKey = Key::getByHandle('view_file_folder_file');
$permissionKey->setPermissionObject($folderObject);
$permissionAssignmentObject = $permissionKey->getPermissionAssignmentObject();
$accessListItems = $permissionAssignmentObject->getPermissionAccessObject()->getAccessListItems(Key::ACCESS_TYPE_ALL);
$permissionAccessObject = Access::create($permissionKey);
foreach($accessListItems as $accessListItem) {
$permissionAccessObject->addListItem($accessListItem->getAccessEntityObject(), $accessListItem->getPermissionDurationObject(), $accessListItem->getAccessType());
}
$permissionAccessObject->addListItem($permissionEntity, false, Key::ACCESS_TYPE_EXCLUDE);
$permissionAssignmentObject->assignPermissionAccess($permissionAccessObject);
Permission hierarchy overview: - Permission Key with Folder Object - Permission Assignment Object - Permission Access Object - Access Items (Array of ListItem Objects)