PHP Class Method Code

 
	/**
	 * Determines if the current user has the authority to perform the action protected by this check.
	 *
	 * @param string $group
	 *        	A MODX User Group Name, which has to be spelled accurately including case.
	 * @param string $minimumRole
	 *        	The name of the least privileged MODX Role allowed to execute the action, also spelled exactly including case.
	 * @uses modUser defined as $this->user on class execution.
	 * @return boolean
	 */
	private function checkStaffAuthentication($group = 'Administration', $minimumRole = 'superuser') {
		$userHasAuthority = false;
		if ($group && $minimumRole) {
			
			$user = $this->user;
			
			$userRole = null;
			
			/* test the user */
			if ($user instanceof modUser) {
				
				if ($user->isMember ( $group )) {
					
					$modUserGroup = $this->modx->getObject ( 'modUserGroup', array (
							'name' => $group 
					) );
					
					/* Get their group */
					if ($modUserGroup instanceof modUserGroup) {
						
						$criteria = $this->modx->newQuery ( 'modUserGroupMember' );
						
						$criteria->where ( array (
								'user_group' => $modUserGroup->getPrimaryKey (),
								'member' => $user->getPrimaryKey () 
						) );
						
						/* Retrieve the user's role in the group */
						$modUserGroupMember = $this->modx->getObject ( 'modUserGroupMember', $criteria );
						
						/* If they have a role retrieve it */
						if ($modUserGroupMember instanceof modUserGroupMember) {
							
							$userRole = $modUserGroupMember->UserGroupRole;
						}
					}
				}
			}
			
			/* If the user has a role to test against */
			if ($userRole instanceof modUserGroupRole) {
				
				/* Retrieve the designated role */
				$testRole = $this->modx->getObject ( 'modUserGroupRole', array (
						'name' => $minimumRole 
				) );
				
				/* if both are user roles */
				if ($testRole instanceof modUserGroupRole && $userRole instanceof modUserGroupRole) {
					
					/* Test the authority level -- lesser is more authority.
					 * Compare the role's authority field, not its primary key:
					 * ids only reflect the order roles were created in. */
					if ($userRole->get ( 'authority' ) <= $testRole->get ( 'authority' )) {
						$userHasAuthority = true;
					}
				}
			}
		}
		return $userHasAuthority;
	}

Comments

Occasionally, I am asked to create PHP Class files which have varying levels of functionality based on the MODX Revolution ACL for individual clients. This is especially true when building AJAX and JSON applications where front end users may be tasked with providing real-time data via a web interface attached to tablets or other devices.

Eventually, I would like to see a hook added to the core which would provide similar functionality.

Overview

The function is left private so it cannot be called from outside the class, for example from a Snippet written by a Manager user. As a precaution, we typically encrypt our code, so a user with Media access cannot add a temporary function to a Class to give themselves access they do not deserve. The function expects the current user (a modUser) to be assigned to $this->user in __construct(). The function requires the specific User Group and Role names to be designated, spelled exactly as they appear in the Manager; an unknown group or role name makes the check fail closed and return false.

Usage

Simply wrap the contents of sensitive class functions as follows:

public function someSensitiveFunction($someParameter = true) {
	$someDefaultResponse = '';

	if ($this->checkStaffAuthentication ( 'Z-cellular', 'Management' )) {
		/* Do stuff */
	} else {
		/* Log the attempt using an internal logger or MODX's etc.
		 * logevent() and getClientIpAddress() are the class's own helpers;
		 * guard against an anonymous (non-modUser) caller before reading the id. */
		$userId = ($this->user instanceof modUser) ? $this->user->getPrimaryKey () : 0;
		$this->logevent ( __FUNCTION__, 0, 'Attempt to do something very bad', $userId, 0, 0, $this->getClientIpAddress () );
	}
	return $someDefaultResponse;
}
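As an added example that is not part of the original class or of MODX, here is the same decision carried out against a small in-memory model of the three tables the method queries (user groups, group memberships, roles). The role, group and membership rows are constructed sample data; the `authority` column mirrors the authority field of modUserGroupRole, where a lower value means more authority. A row-id comparison is included next to the authority comparison only to show how the two disagree once roles are created in an order that does not match their rank.

```php
<?php
// Added example, not code from the original class or from MODX: a MODX-free
// model of the same group/role check, run against constructed sample rows.
declare(strict_types=1);

// modUserGroupRole equivalents. 'authority' follows MODX's convention: lower
// means more authority. The ids are deliberately not in rank order: the most
// powerful custom role (Management) was created last and has the highest id.
$roles = [
    ['id' => 1, 'name' => 'Super User', 'authority' => 0],
    ['id' => 2, 'name' => 'Member',     'authority' => 9999],
    ['id' => 3, 'name' => 'Staff',      'authority' => 500],
    ['id' => 4, 'name' => 'Management', 'authority' => 100],
];

// modUserGroup equivalents.
$groups = [
    ['id' => 1, 'name' => 'Administrator'],
    ['id' => 2, 'name' => 'Z-cellular'],
];

// modUserGroupMember equivalents: which user holds which role in which group.
$memberships = [
    ['user_group' => 2, 'member' => 10, 'role' => 4], // user 10: Management in Z-cellular
    ['user_group' => 2, 'member' => 11, 'role' => 3], // user 11: Staff in Z-cellular
    ['user_group' => 1, 'member' => 12, 'role' => 1], // user 12: Super User, but only in Administrator
];

// Exact, case-sensitive name match, as the original method requires.
function findByName(array $rows, string $name): ?array
{
    foreach ($rows as $row) {
        if ($row['name'] === $name) {
            return $row;
        }
    }
    return null;
}

function findById(array $rows, int $id): ?array
{
    foreach ($rows as $row) {
        if ($row['id'] === $id) {
            return $row;
        }
    }
    return null;
}

/**
 * Returns the role row the user holds in the named group, or null when the
 * group is unknown or the user is not a member of it.
 */
function roleInGroup(int $userId, string $group, array $groups, array $roles, array $memberships): ?array
{
    $groupRow = findByName($groups, $group);
    if ($groupRow === null) {
        return null;
    }
    foreach ($memberships as $m) {
        if ($m['user_group'] === $groupRow['id'] && $m['member'] === $userId) {
            return findById($roles, $m['role']);
        }
    }
    return null;
}

/**
 * The decision checkStaffAuthentication() is meant to make: member of $group
 * holding a role at least as strong as $minimumRole. Any lookup failure denies.
 */
function hasAuthority(int $userId, string $group, string $minimumRole,
                      array $groups, array $roles, array $memberships): bool
{
    $userRole = roleInGroup($userId, $group, $groups, $roles, $memberships);
    $testRole = findByName($roles, $minimumRole);
    if ($userRole === null || $testRole === null) {
        return false;
    }
    return $userRole['authority'] <= $testRole['authority'];
}

/** The same decision made on row ids instead of authority, for contrast only. */
function hasAuthorityByRowId(int $userId, string $group, string $minimumRole,
                             array $groups, array $roles, array $memberships): bool
{
    $userRole = roleInGroup($userId, $group, $groups, $roles, $memberships);
    $testRole = findByName($roles, $minimumRole);
    if ($userRole === null || $testRole === null) {
        return false;
    }
    return $userRole['id'] <= $testRole['id'];
}

foreach ([10, 11, 12] as $userId) {
    printf("user %d  authority: %s  row id: %s\n", $userId,
        var_export(hasAuthority($userId, 'Z-cellular', 'Management', $groups, $roles, $memberships), true),
        var_export(hasAuthorityByRowId($userId, 'Z-cellular', 'Management', $groups, $roles, $memberships), true));
}
// A misspelled or missing role name must deny rather than throw.
var_dump(hasAuthority(10, 'Z-cellular', 'Managment', $groups, $roles, $memberships));
```

Run it with the php command-line interpreter. User 10 holds Management and passes under both comparisons, and user 12 is denied under both because membership is checked per group, not globally. User 11 is the interesting row: Staff has a smaller id than Management, so the row-id comparison grants access, while its authority of 500 is weaker than Management's 100 and the authority comparison correctly denies. The final call shows that a typo in the role name yields a denial instead of an error.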
