Checking Permissions Against Complex Permission Keys

Until now, our examples of permission checks have been pretty simple. Just pass a permission object to the checker, and call a method corresponding to either a method in the Response object, or the permission key itself. Simple. But some permissions have greater levels of granularity than others. For example, let's look at the "Edit Page Properties" permission. When you assign this permission in Advanced Permissions mode, you're actually able to specify which properties a user can edit, even down to the attribute.

How do we check those permission? If we just do this:

$c = \Page::getCurrentPage();
$cp = new Permissions($c);
if ($cp->canEditPageProperties()) {


The check will simply look to see if the current user has the ability to edit any of the properties. But it won't tell us which ones. What if we need to check whether the user has the ability to edit page name specifically? Here's how we tap into the details behind certain more granular permission keys.

First, we retrieve the permission key for this permission:

$key = \Concrete\Core\Permission\Key\Key::getByHandle('edit_page_properties');

Next, we set our permission object manually:

$c = \Page::getCurrentPage();

Since "Edit Page Properties" is an advanced permission key with its own class, the $key object is actually an instance of Concrete\Core\Permission\Key\EditPagePropertiesKey. This key has its own special method, getMyAssignment.

$assignment = $key->getMyAssignment();

This method returns a special, composite instance of Concrete\Core\Permission\Access\ListItem\EditPagePropertiesListItem. This method contains all the methods you'll need to check to see if the current user has the ability to perform actions specific to the Edit Page Properties permission. Want to check to see if the user has the ability to edit the page's name?

if ($assignment->allowEditName()) {
    // they do!

That's it! In general this is the approach you'll want to follow when dealing with any permission keys that have more advanced capabilities: first, retrieve the permission key, and use that custom object to retrieve a list item object that represents what the current user is able to do.