Class Permission

Represents a permission assigned to a group.

Object

Extended by

ViewableData implements IteratorAggregate

Extended by

DataObject implements DataObjectInterface, i18nEntityProvider

Extended by

Permission

Package: sapphire\security
Located at sapphire/security/Permission.php

Methods summary

`public static integer\|boolean`	# `check( string $code, string $arg = "any", integer\|Member $member = null, boolean $strict = true )` Check that the current member has the given permission. Check that the current member has the given permission. Parameters `$code` string $code Code of the permission to check (case-sensitive) `$arg` string $arg Optional argument (e.g. a permissions for a specific page) `$member` int\|Member $member Optional member instance or ID. If set to NULL, the permssion will be checked for the current user `$strict` bool $strict Use "strict" checking (which means a permission will be granted if the key does not exist at all)? Returns `integer\|boolean` The ID of the permission record if the permission exists; FALSE otherwise. If "strict" checking is disabled, TRUE will be returned if the permission does not exist at all.
`public static`	# `flush_permission_cache( )` Flush the permission cache, for example if you have edited group membership or a permission record. Flush the permission cache, for example if you have edited group membership or a permission record.
`public static integer\|boolean`	# `checkMember( integer\|Member $member, string\|array $code, string $arg = "any", boolean $strict = true )` Check that the given member has the given permission. Check that the given member has the given permission. Parameters `$member` int\|Member memberID The ID of the member to check. Leave blank for the current member. Alternatively you can use a member object. `$code` string\|array $code Code of the permission to check (case-sensitive) `$arg` string $arg Optional argument (e.g. a permissions for a specific page) `$strict` bool $strict Use "strict" checking (which means a permission will be granted if the key does not exist at all)? Returns `integer\|boolean` The ID of the permission record if the permission exists; FALSE otherwise. If "strict" checking is disabled, TRUE will be returned if the permission does not exist at all.
`public static array();`	# `permissions_for_member( mixed $memberID )` Get all the 'any' permission codes available to the given member. Get all the 'any' permission codes available to the given member. Returns `array();` array();
`public static array`	# `groupList( integer $memberID = null )` Get the list of groups that the given member belongs to. Get the list of groups that the given member belongs to. Call without an argument to get the groups that the current member belongs to. In this case, the results will be session-cached. Parameters `$memberID` int $memberID The ID of the member. Leave blank for the current member. Returns `array` Returns a list of group IDs to which the member belongs to or NULL.
`public static`	# `grant( integer $groupID, string $code, string $arg = "any" )` Grant the given permission code/arg to the given group Grant the given permission code/arg to the given group Parameters `$groupID` int $groupID The ID of the group `$code` string $code The permission code `$arg` string Optional: The permission argument (e.g. a page ID). Returns Permission Returns the new permission object.
`public static`	# `deny( integer $groupID, string $code, string $arg = "any" )` Deny the given permission code/arg to the given group Deny the given permission code/arg to the given group Parameters `$groupID` int $groupID The ID of the group `$code` string $code The permission code `$arg` string Optional: The permission argument (e.g. a page ID). Returns Permission Returns the new permission object.
`public static DataObjectSet`	# `get_members_by_permission( mixed $code )` Returns all members for a specific permission. Returns all members for a specific permission. Parameters `$code` $code String\|array Either a single permission code, or a list of permission codes Returns `DataObjectSet` Returns a set of member that have the specified permission.
`public static DataObjectSet`	# `get_groups_by_permission( mixed $codes )` Return all of the groups that have one of the given permission codes Return all of the groups that have one of the given permission codes Parameters `$codes` $codes array\|string Either a single permission code, or an array of permission codes Returns `DataObjectSet` The matching group objects
`public static array`	# `get_codes( boolean $grouped = true )` Get a list of all available permission codes, both defined through the `PermissionProvider` interface, and all not explicitly defined codes existing as a `Permission` database record. By default, the results are grouped as denoted by `Permission_Group`. Get a list of all available permission codes, both defined through the `PermissionProvider` interface, and all not explicitly defined codes existing as a `Permission` database record. By default, the results are grouped as denoted by `Permission_Group`. Parameters `$grouped` bool $grouped Group results into an array of permission groups. Returns `array` Returns an array of all available permission codes. The array indicies are the permission codes as used in `Permission::check()`. The value is a description suitable for using in an interface.
`public static`	# `sort_permissions( mixed $a, mixed $b )` Sort permissions based on their sort value, or name Sort permissions based on their sort value, or name
`public static`	# `add_to_hidden_permissions( mixed $code )` add a permission represented by the $code to the slef::$hidden_permissions list add a permission represented by the $code to the slef::$hidden_permissions list Parameters `$code` $code string - the permissions code
`public static`	# `remove_from_hidden_permissions( mixed $code )` remove a permission represented by the $code from the slef::$hidden_permissions list remove a permission represented by the $code from the slef::$hidden_permissions list Parameters `$code` $code string - the permissions code
`public static`	# `declare_permissions( array $permArray )` Declare an array of permissions for the system. Declare an array of permissions for the system. Permissions can be grouped by nesting arrays. Scalar values are always treated as permissions. Parameters `$permArray` array $permArray A (possibly nested) array of permissions to declare for the system.
`public static array`	# `get_declared_permissions_list( )` Get a linear list of the permissions in the system. Get a linear list of the permissions in the system. Returns `array` Linear list of declared permissions in the system.
`public static Label`	# `get_label_for_permission( mixed $perm )` Look up the human-readable title for the permission as defined by `Permission::declare_permissions` Look up the human-readable title for the permission as defined by `Permission::declare_permissions` Parameters `$perm` $perm Permission code Returns `Label` for the given permission, or the permission itself if the label doesn't exist
`protected static`	# `traverse_declared_permissions( aeeay $declared, mixed & $list )` Recursively traverse the nested list of declared permissions and create a linear list. Recursively traverse the nested list of declared permissions and create a linear list. Parameters `$declared` aeeay $declared Nested structure of permissions. `$list` $list List of permissions in the structure. The result will be written to this array.
`public`	# `onBeforeWrite( )` Event handler called before writing to the database. You can overload this to clean up or otherwise process data before writing it to the database. Don't forget to call parent::onBeforeWrite(), though! Event handler called before writing to the database. You can overload this to clean up or otherwise process data before writing it to the database. Don't forget to call parent::onBeforeWrite(), though! This called after $this->validate(), so you can be sure that your data is valid. Uses `DataObjectDecorator::onBeforeWrite()` Overrides `DataObject::onBeforeWrite`

Methods inherited from DataObject

Aggregate(), RelationshipAggregate(), __construct(), baseTable(), belongs_to(), buildDataObjectSet(), buildSQL(), can(), canCreate(), canDelete(), canEdit(), canView(), castedUpdate(), composite_fields(), context_obj(), customDatabaseFields(), custom_database_fields(), data(), databaseFields(), databaseIndexes(), database_extensions(), database_fields(), db(), dbObject(), debug(), defaultSearchFilters(), defineMethods(), delete(), delete_by_id(), destroy(), disableCMSFieldsExtensions(), disable_subclass_access(), duplicate(), enableCMSFieldsExtensions(), enable_subclass_access(), exists(), extendedSQL(), fieldLabel(), fieldLabels(), flushCache(), flush_and_destroy_cache(), forceChange(), get(), getAllFields(), getCMSActions(), getCMSFields(), getChangedFields(), getClassAncestry(), getComponent(), getComponents(), getComponentsQuery(), getDefaultSearchContext(), getField(), getFrontEndFields(), getManyManyComponents(), getManyManyComponentsQuery(), getManyManyFilter(), getManyManyJoin(), getRemoteJoinField(), getReverseAssociation(), getTitle(), get_by_id(), get_one(), get_validation_enabled(), hasDatabaseField(), hasField(), hasOwnTableDatabaseField(), hasValue(), has_many(), has_one(), has_own_table(), i18n_plural_name(), i18n_singular_name(), inheritedDatabaseFields(), instance_get(), instance_get_one(), isChanged(), isEmpty(), isInDB(), is_composite_field(), many_many(), many_many_extraFields(), merge(), newClassInstance(), onAfterDelete(), onAfterWrite(), onBeforeDelete(), plural_name(), populateDefaults(), provideI18nEntities(), relObject(), requireDefaultRecords(), requireTable(), reset(), scaffoldFormFields(), scaffoldSearchFields(), searchableFields(), setCastedField(), setClassName(), setComponent(), setField(), set_context_obj(), set_validation_enabled(), singular_name(), summaryFields(), toMap(), update(), validate(), write(), writeComponents(), writeWithoutVersion()

Methods inherited from ViewableData

ATT_val(), BaseHref(), CSSClasses(), ColumnBreak(), ColumnCalc(), ColumnNumber(), ColumnPad(), ColumnPos(), CurrentMember(), CurrentPage(), Debug(), Even(), EvenOdd(), First(), FirstLast(), HasPerm(), IsAjax(), JS_val(), Last(), Me(), Middle(), MiddleString(), Modulus(), MultipleOf(), Odd(), Pos(), RAW_val(), SQL_val(), ThemeDir(), ThemeName(), Top(), TotalItems(), XML_val(), __get(), __isset(), __set(), buildCastingCache(), cachedCall(), castingClass(), castingHelper(), castingHelperPair(), castingObjectCreator(), castingObjectCreatorPair(), customise(), escapeTypeForField(), getIterator(), getSecurityID(), getXMLValues(), i18nLocale(), iteratorProperties(), obj(), renderWith(), setCustomisedObj()

Methods inherited from Object

__call(), __toString(), __wakeup(), addMethodsFrom(), addStaticVars(), addWrapperMethod(), add_extension(), add_static_var(), allMethodNames(), cacheToFile(), cacheToFileWithArgs(), clearCache(), combined_static(), create(), createMethod(), create_from_string(), extInstance(), extend(), getCustomClass(), getExtensionInstance(), getExtensionInstances(), get_extensions(), get_static(), hasExtension(), hasMethod(), has_extension(), invokeWithExtensions(), is_a(), loadCache(), parentClass(), parse_class_spec(), remove_extension(), sanitiseCachename(), saveCache(), set_stat(), set_static(), set_uninherited(), stat(), strong_create(), uninherited(), uninherited_static(), useCustomClass()

Magic methods summary

Constants summary

`integer`	`GRANT_PERMISSION`	`1`	# This is the value to use for the "Type" field if a permission should be granted. This is the value to use for the "Type" field if a permission should be granted.
`integer`	`DENY_PERMISSION`	`-1`	# This is the value to use for the "Type" field if a permission should be denied. This is the value to use for the "Type" field if a permission should be denied.
`integer`	`INHERIT_PERMISSION`	`0`	# This is the value to use for the "Type" field if a permission should be inherited. This is the value to use for the "Type" field if a permission should be inherited.

Properties summary

`public static array`	`$db`	# Database field definitions. This is a map from field names to field type. The field type should be a class that extends . Database field definitions. This is a map from field names to field type. The field type should be a class that extends .
`public static array`	`$has_one`	# One-to-zero relationship defintion. This is a map of component name to data type. In order to turn this into a true one-to-one relationship you can add a `DataObject::$belongs_to` relationship on the child class. One-to-zero relationship defintion. This is a map of component name to data type. In order to turn this into a true one-to-one relationship you can add a `DataObject::$belongs_to` relationship on the child class. Note that you cannot have a has_one and belongs_to relationship with the same name.
`public static array`	`$indexes`	# If a field is in this array, then create a database index on that field. This is a map from fieldname to index type. See SS_Database->requireIndex() and custom subclasses for details on the array notation. If a field is in this array, then create a database index on that field. This is a map from fieldname to index type. See SS_Database->requireIndex() and custom subclasses for details on the array notation.
`public static array`	`$defaults`	# Inserts standard column-values when a DataObject is instanciated. Does not insert default records `DataObject::$default_records`. This is a map from fieldname to default value. Inserts standard column-values when a DataObject is instanciated. Does not insert default records `DataObject::$default_records`. This is a map from fieldname to default value. If you would like to change a default value in a sub-class, just specify it. - If you would like to disable the default value given by a parent class, set the default value to 0,'',or false in your subclass. Setting it to null won't work.
`public static array`	`$has_many`	# This defines a one-to-many relationship. It is a map of component name to the remote data class. This defines a one-to-many relationship. It is a map of component name to the remote data class. This relationship type does not actually create a data structure itself - you need to define a matching $has_one relationship on the child class. Also, if the $has_one relationship on the child class has multiple links to this class you can use the syntax "ClassName.HasOneRelationshipName" in the remote data class definition to show which foreign key to use.
`public static array`	`$many_many`	# many-many relationship definitions. This is a map from component name to data type. many-many relationship definitions. This is a map from component name to data type.
`public static array`	`$belongs_many_many`	# The inverse side of a many-many relationship. This is a map from component name to data type. The inverse side of a many-many relationship. This is a map from component name to data type.
`public static boolean`	`$declared_permissions`	# Method to globally disable "strict" checking, which means a permission will be granted if the key does not exist at all. Method to globally disable "strict" checking, which means a permission will be granted if the key does not exist at all.
`protected static array`	`$declared_permissions_list`	# Linear list of declared permissions in the system. Linear list of declared permissions in the system.
`public static boolean`	`$strict_checking`	# Boolean Method to globally disable "strict" checking, which means a permission will be granted if the key does not exist at all. Boolean Method to globally disable "strict" checking, which means a permission will be granted if the key does not exist at all.
`public static boolean`	`$implied_permissions`	# If this setting is set, then permissions can imply other permissions If this setting is set, then permissions can imply other permissions
`public static boolean`	`$admin_implies_all`	# Set to false to prevent the 'ADMIN' permission from implying all permissions in the system Set to false to prevent the 'ADMIN' permission from implying all permissions in the system
`public static array;`	`$hidden_permissions`	# a list of permission codes which doesn't appear in the Permission list when make the `PermissionCheckboxSetField` a list of permission codes which doesn't appear in the Permission list when make the `PermissionCheckboxSetField`

Properties inherited from DataObject

$allowed_actions, $ancestry, $api_access, $belongs_to, $brokenOnDelete, $brokenOnWrite, $cache_get_one, $cache_has_own_table, $cache_has_own_table_field, $casting, $componentCache, $components, $create_table_options, $default_records, $default_sort, $destroyed, $field_labels, $many_many_extraFields, $original, $plural_name, $record, $searchable_fields, $singular_name, $summary_fields

Properties inherited from ViewableData

$customisedObject, $default_cast, $failover, $iteratorPos, $iteratorTotalItems

Properties inherited from Object

$class, $extension_instances, $extensions

[Raise a SilverStripe Framework issue/bug](https://github.com/silverstripe/silverstripe-framework/issues/new)
- [Raise a SilverStripe CMS issue/bug](https://github.com/silverstripe/silverstripe-cms/issues/new)
- Please use the Silverstripe Forums to ask development related questions. -