+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Addins (https://forum.codeigniter.com/forumdisplay.php?fid=34)
+--- Thread: Shield problem with permission (/showthread.php?tid=92552)
Shield problem with permission - pippuccio76 - 03-05-2025
HI , i set in AuthGroups this permission :
Code:
/**
* --------------------------------------------------------------------
* Permissions
* --------------------------------------------------------------------
* The available permissions in the system.
*
* If a permission is not listed here it cannot be used.
*/
public array $permissions = [
'admin.access' => 'Can access the sites admin area',
'admin.settings' => 'Can access the main site settings',
'agente.access' => 'Può visionare l\'area admin ma con delle restrizioni per la gestione dei clienti',
'agente.create' => 'Può visionare l\'area admin ma con delle restrizioni per la gestione dei clienti',
'aziende.access' => 'Può visionare l\'area admin ma con delle restrizioni per la gestione delle tratte',
'cliente.access' => 'Può visionare l\'area clienti in modo di aver diritto a sconti o al pagamento a fine mese',
'cliente.create' => 'Può creare clienti',
'users.manage-admins' => 'Can manage other admins',
'users.create' => 'Can create new non-admin users',
'users.edit' => 'Can edit existing non-admin users',
'users.delete' => 'Can delete existing non-admin users',
'beta.access' => 'Can access beta-level features',
];
/**
* --------------------------------------------------------------------
* Permissions Matrix
* --------------------------------------------------------------------
* Maps permissions to groups.
*
* This defines group-level permissions.
*/
public array $matrix = [
'superadmin' => [
'admin.*',
'users.*',
'agente.*',
'cliente.*',
],
'admin' => [
'admin.access',
'users.*',
'agente.*',
],
'developer' => [
'admin.access',
'admin.settings',
'users.create',
'users.edit',
'beta.access',
],
'agente' => [
'agente.access',
'cliente.create',
],
'aziende' => [
'aziende.access',
],
'clienti' => [
'cliente.access',
],
];
}Code:
public function test()
{
$data = [] ;
print_r($_SESSION);
echo '<pre>';
echo auth()->user()->email;
echo '</pre>';
echo '<pre>';
var_dump(auth()->user()->getGroups());
echo '</pre>';
echo '<pre>';
var_dump(auth()->user()->getPermissions());
echo '</pre>';
die();
echo view('empty_view', $data);
echo view('gestionale/admin/test');
}this is the result :
Code:
Array ( [__ci_last_regenerate] => 1741160512 [_ci_previous_url] => http://xxxxxxxxxxxxx/index.php/admin_tratte_acquistate/lista_prenotazioni/dashboard [csrf_token_name] => f84f0989fe8038b65eb101b338c82977 [user] => Array ( [id] => 1 ) )
[email protected]
array(1) {
[0]=>
string(10) "superadmin"
}
array(0) {
}RE: Shield problem with permission - michalsn - 03-05-2025
Group privileges differ from user privileges. User privileges can be granted independently, in addition to those inherited from groups.
An empty array indicates that no individual permissions are assigned. The special can() method (https://github.com/codeigniter4/shield/blob/develop/src/Authorization/Traits/Authorizable.php#L245) considers both individual permissions and those inherited from group privileges.
RE: Shield problem with permission - pippuccio76 - 03-05-2025
In my case superadmin should have every permission :
Code:
'admin.access' => 'Can access the sites admin area',
'admin.settings' => 'Can access the main site settings',
'agente.access' => 'Può visionare l\'area admin ma con delle restrizioni per la gestione dei clienti',
'agente.create' => 'Può visionare l\'area admin ma con delle restrizioni per la gestione dei clienti',
'aziende.access' => 'Può visionare l\'area admin ma con delle restrizioni per la gestione delle tratte',
'cliente.access' => 'Può visionare l\'area clienti in modo di aver diritto a sconti o al pagamento a fine mese',
'cliente.create' => 'Può creare clienti',
'users.manage-admins' => 'Can manage other admins',
'users.create' => 'Can create new non-admin users',
'users.edit' => 'Can edit existing non-admin users',
'users.delete' => 'Can delete existing non-admin users',
'beta.access' => 'Can access beta-level features',instead of beta.access because :
Code:
public array $matrix = [
'superadmin' => [
'admin.*',
'users.*',
'agente.*',
'cliente.*',
],RE: Shield problem with permission - michalsn - 03-05-2025
auth()->user()->getPermissions() will not return the permissions assigned to the user via groups.
RE: Shield problem with permission - pippuccio76 - 03-05-2025
(03-05-2025, 01:57 AM)michalsn Wrote: auth()->user()->getPermissions() will not return the permissions assigned to the user via groups.
Is there a way to show permission assigned via groups ?
RE: Shield problem with permission - JustJohnQ - 03-05-2025
You will need to query both group permissions and user permissions and combine them. Something like this:
PHP Code:
// Get the Authorization service
$auth = service('authorization');
// Get direct user permissions
$userPermissions = $auth->getPermissionsForUser($user->id);
// Get user groups
$userGroups = $auth->getGroupsForUser($user->id);
// Get permissions from groups
$groupPermissions = [];
foreach ($userGroups as $group) {
$groupPermissions = array_merge($groupPermissions, $auth->getPermissionsForGroup($group));
}
// Merge and remove duplicates
$allPermissions = array_unique(array_merge($userPermissions, $groupPermissions));
echo '<pre>';
print_r($allPermissions);
echo '</pre>';
(ChatGPT answer)
RE: Shield problem with permission - michalsn - 03-05-2025
(03-05-2025, 03:23 AM)pippuccio76 Wrote: Is there a way to show permission assigned via groups ?
I don't think there is a method just for that. You would have to do something like this:
PHP Code:
$groups = auth()->user()->getGroups();
$group = new Group(['alias' => $groups[0]]);
dd($group->permissions());
You would have to merge these for every group. But still, this will be just a list of permissions specified in the matrix.