Programmatically Setting Permissions

Edit

Improvements?

Let us know by posting here.

Change Permissions on a File

Permissions of objects can be set programmatically. Enable Advanced Permissions in the dashboard, then follow this example:

use Concrete\Core\Permission\Key\Key as PermissionKey;
use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
use Concrete\Core\Permission\Access\Entity\UserEntity as UserPermissionAccessEntity;

// override parent folder permissions
$f->resetPermissions(1);

// remove Guest access
$pk = PermissionKey::getByHandle('view_file');
$pk->setPermissionObject($f);
$pa = $pk->getPermissionAccessObject();
$pe = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
$pa->removeListItem($pe);

// enable access by a group
$g = UserGroup::getByName('VIPs');
if (is_object($g)) {
    $pae = GroupPermissionAccessEntity::getOrCreate($g);
    $pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}

// enable access by an individual user
$ui = UserInfo::getByID($uID);
if (is_object($ui)) {
    $pae = UserPermissionAccessEntity::getOrCreate($ui);
    $pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}

// apply the permissions changes
$pa->markAsInUse();

Programmatically Setting Folder Permissions in File Manager

Obtaining a Folder Object

Get a Folder Object using these methods, with $folderObject as the resulting Folder Object.

Create a new folder at the root:

use Concrete\Core\File\Filesystem;
use Concrete\Core\Tree\Node\Type\FileFolder;

$fileSystem = new Filesystem();
$root = $fileSystem->getRootFolder();
$folderObject = FileFolder::add('Test Folder', $root);

Get a folder by name:

use Concrete\Core\Tree\Node\Node;

$folderObject = Node::getNodeByName('Test Folder');

Get or create a folder at the root:

use Concrete\Core\File\Filesystem;
use Concrete\Core\Tree\Node\Type\FileFolder;

$fileSystem = new Filesystem();
$root = $fileSystem->getRootFolder();
$folderObject = $root->getChildFolderByName('Test Folder', true);

Setting Permissions

Remove viewing permissions for non-logged-in users from a Folder Object.

Setting up and applying new permissions:

use Concrete\Core\Permission\Access\Entity\GroupEntity;
use Concrete\Core\User\Group\Group;
use Concrete\Core\Permission\Key\Key;
use Concrete\Core\Permission\Access\Access;

folderObject->setTreeNodePermissionsToOverride();

$permissionEntity = GroupEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
$permissionKey = Key::getByHandle('view_file_folder_file');
$permissionKey->setPermissionObject($folderObject);
$permissionAssignmentObject = $permissionKey->getPermissionAssignmentObject();

$accessListItems = $permissionAssignmentObject->getPermissionAccessObject()->getAccessListItems(Key::ACCESS_TYPE_ALL);
$permissionAccessObject = Access::create($permissionKey);

foreach($accessListItems as $accessListItem) {
    $permissionAccessObject->addListItem($accessListItem->getAccessEntityObject(), $accessListItem->getPermissionDurationObject(), $accessListItem->getAccessType());
}

$permissionAccessObject->addListItem($permissionEntity, false, Key::ACCESS_TYPE_EXCLUDE);
$permissionAssignmentObject->assignPermissionAccess($permissionAccessObject);

Permission hierarchy overview: - Permission Key with Folder Object - Permission Assignment Object - Permission Access Object - Access Items (Array of ListItem Objects)