Humblee

A humble PHP framework & CMS

User Roles

Humblee allows for multiple role-based authorization levels. By default, the system utilizes the following:

  • Login - this role is required in order for a user's credentials to be accepted at the time of sign in.
  • Admin - this role allows the user to access the ~/admin pages of the CMS

The two roles above are "access" based roles. The following are "task" based roles used in the CMS:

  • Content - allows a user to edit the content of pages and save it as a draft as well as view files in the Media Manager
  • Publish - similar to the content role, this role also allows the user to publish the content live to the site.
  • Media - allows users to upload, rename or delete files uploaded through the media manager.
  • Pages - with this role, a user can add, remove, re-order and edit pages.
  • Users - this role allows a user to assign roles to other users or remove them from the system.
  • Designer - grants access to the tools for managing content blocks and page templates through the CMS.
  • Developer - this is a "super user" role given to the initial user created through the installation process. This user can do any task in the CMS.

Adding Roles

New roles can be added through the database in the humblee_roles table. By setting the role_type to "access" the new role will appear in the list of access roles when editing a page in the page manager or a file in the media manager.

Setting the new role's type to "task" will suppress it from the list of available roles in the page manager and media manager but leave it available for use as needed throughout the application.

Checking Roles

When building custom functionality, the current user's roles can be checked by using the Core::auth() function. This method accepts either a role name, such as "login", a role ID, or an array containing multiple role IDs and/or names. For example:

<?php
// Each call returns true or false; the results are kept in variables here so
// the three checks can run in one script.
$is_admin   = Core::auth(2);         // true if the user has the 'admin' role (row id #2 in the roles table)
$is_content = Core::auth('content'); // true if the user has the 'content' role
$can_edit   = Core::auth(array('content', 'publish', 'developer')); // true if the user has ANY of these roles

// Deny the action when the required task role is missing.
if (!Core::auth('publish')) {
    echo "Sorry, you do not have permission to publish this content.";
}

Additionally, when extending the Core_Controller_Xhr class, you can call $this->require_role(), which is a wrapper for Core::auth() that, on false, sends a "403 Forbidden" header and stops the script from continuing.

<?php
class MyAPI extends Core_Controller_Xhr {
    public function do_something() {
        // Halts with a 403 unless the user has the 'content' OR 'publish' role.
        $this->require_role(array('content', 'publish'));
        echo "doing something...";
    }
}
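A fuller controller built on the two mechanisms above, added here as an example rather than code from the Humblee project. It assumes only what this page documents (Core::auth() treats an array as "ANY of these roles"; require_role() sends a 403 and halts), and the class, method and save_page_draft()/attach_page_image() helper names are hypothetical placeholders.

```php
<?php
// Added example, not part of Humblee. Assumes Core::auth() array semantics
// are "ANY of these roles" and require_role() halts with a 403 on failure.
// Class, methods and the two persistence helpers are hypothetical names.
class PageEditorAPI extends Core_Controller_Xhr {

    // require_role(array(...)) passes if the user holds ANY listed role.
    // An action that needs ALL of several task roles must check each one;
    // the first missing role produces the 403 and stops the script.
    protected function require_all_roles(array $roles) {
        foreach ($roles as $role) {
            $this->require_role($role);
        }
    }

    // Reads and validates the page id from the request. Callers run the
    // authorization check first, so unauthorized users never reach this.
    private function page_id() {
        $id = isset($_POST['page_id']) ? $_POST['page_id'] : '';
        if (!ctype_digit($id) || $id === '0') {
            header('HTTP/1.1 400 Bad Request');
            exit('page_id must be a positive integer');
        }
        return (int) $id;
    }

    // Saving a draft needs only the 'content' task role (see User Roles);
    // 'developer' is accepted too, as the page describes it as a super user
    // (assumption: auth('content') does not already imply it).
    public function save_draft() {
        $this->require_role(array('content', 'developer'));
        $id   = $this->page_id();
        $body = isset($_POST['body']) ? (string) $_POST['body'] : '';
        save_page_draft($id, $body); // hypothetical persistence helper
        echo json_encode(array('page_id' => $id, 'status' => 'draft'));
    }

    // Attaching an uploaded file to a page touches both the media manager
    // ('media' role) and the page itself ('pages' role), so both are required.
    public function attach_image() {
        $this->require_all_roles(array('media', 'pages'));
        $id   = $this->page_id();
        $file = isset($_POST['file_id']) ? $_POST['file_id'] : '';
        if (!ctype_digit($file)) {
            header('HTTP/1.1 400 Bad Request');
            exit('file_id must be a positive integer');
        }
        attach_page_image($id, (int) $file); // hypothetical persistence helper
        echo json_encode(array('page_id' => $id, 'file_id' => (int) $file));
    }
}
```

Because require_role() halts the script, the role checks must be the first statement of each action so that no input is parsed or persisted for a user who lacks the role.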