Permission Service
Simple Example
The permission service checks for member authorization as indicated in the session userdata. Superadmins automatically have permission.
To check for exactly one permission:

```php
if (ee('Permission')->has('can_edit_all_comments'))
{
    $this->show_form();
}
```

To check for the existence of at least one permission among a list of permissions:

```php
if (ee('Permission')->hasAny('can_create_template_partials', 'can_edit_template_partials', 'can_delete_template_partials'))
{
    $this->show_header();
}
```

To check for the existence of all listed permissions:

```php
$can_delete = ee('Permission')->hasAll('can_delete_all_comments', 'can_delete_own_comments');
```

Permission Service Methods
class ExpressionEngine\Service\Permission\Permission
has($permission)
Checks a session object for a single permission
| Parameter | Type | Description |
|---|---|---|
| $permission | String | A single permission name |
| Returns | Boolean | TRUE if allowed, FALSE if not |
hasAny($permission)
Checks a session object for any matches against a collection of permissions, from one on up.
| Parameter | Type | Description |
|---|---|---|
| $permission | Mixed | Any number of permission names |
| Returns | Boolean | TRUE if allowed, FALSE if not |
hasAll($permission)
Checks that a session object matches all permissions in a collection of permissions, from one on up.
| Parameter | Type | Description |
|---|---|---|
| $permission | Mixed | Any number of permission names |
| Returns | Boolean | TRUE if allowed, FALSE if not |
isSuperAdmin()
Returns true if the logged-in member is a Super Admin, false otherwise.
hasRole($role)
Checks whether the member has the given role.
| Parameter | Type | Description |
|---|---|---|
| $role | Mixed | ID or name of member role |
| Returns | Boolean | TRUE if user has role, FALSE if not |
hasAnyRole($roles)
Checks whether the user has any of the given roles, supplied as an array of IDs or names.
| Parameter | Type | Description |
|---|---|---|
| $roles | Array | Array of IDs or names of member roles |
| Returns | Boolean | TRUE if user has role, FALSE if not |
rolesThatHave($permission, $site_id = NULL, $fuzzy = false)
Checks a session object for any matches against a collection of permissions, from one on up.
| Parameter | Type | Description |
|---|---|---|
| $permission | String | Permission name, or start of permission name |
| $site_id | Int | Site ID, defaults to current site |
| $fuzzy | Boolean | TRUE if first parameter is start of permission name |
| Returns | Array | Array of Role IDs |
Available Permissions
The following are permission names available for validating a user’s permissions using the Permission Service methods.
- can_view_online_system
- can_view_offline_system
- can_view_profiles
- can_delete_self
- can_post_comments
- can_moderate_comments
- can_edit_own_comments
- can_delete_own_comments
- can_edit_all_comments
- can_delete_all_comments
- can_search
- can_send_private_messages
- can_attach_in_private_messages
- can_send_bulletins
- can_access_cp
- can_access_footer_report_bug
- can_access_footer_new_ticket
- can_access_footer_user_guide
- can_view_homepage_news
- can_admin_channels
- can_create_channels
- can_edit_channels
- can_delete_channels
- can_create_channel_fields
- can_edit_channel_fields
- can_delete_channel_fields
- can_create_categories
- can_edit_categories
- can_delete_categories
- can_create_statuses
- can_edit_statuses
- can_delete_statuses
- can_access_files
- can_create_upload_directories
- can_edit_upload_directories
- can_delete_upload_directories
- can_upload_new_files
- can_edit_files
- can_delete_files
- can_access_members
- can_create_members
- can_edit_members
- can_delete_members
- can_ban_users
- can_email_from_profile
- can_edit_html_buttons
- can_admin_roles
- can_create_roles
- can_edit_roles
- can_delete_roles
- can_access_design
- can_admin_design
- can_create_template_groups
- can_edit_template_groups
- can_delete_template_groups
- can_create_template_partials
- can_edit_template_partials
- can_delete_template_partials
- can_create_template_variables
- can_edit_template_variables
- can_delete_template_variables
- can_access_addons
- can_admin_addons
- can_upload_new_toolsets
- can_edit_toolsets
- can_delete_toolsets
- can_access_utilities
- can_access_comm
- can_email_roles
- can_send_cached_email
- can_access_translate
- can_access_import
- can_access_sql_manager
- can_access_data
- can_access_logs
- can_access_sys_prefs
- can_access_security_settings
- can_manage_consents

The following are available for each channel, X being the channel ID.
- can_create_entries_channel_id_X
- can_edit_self_entries_channel_id_X
- can_delete_self_entries_channel_id_X
- can_edit_other_entries_channel_id_X
- can_delete_all_entries_channel_id_X
- can_assign_post_authors_channel_id_X

Template editing permissions are set for each template group, X being the template group ID.
- can_create_templates_template_group_id_X
- can_edit_templates_template_group_id_X
- can_delete_templates_template_group_id_X
- can_manage_settings_template_group_id_X
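
The per-channel permission names can be built at runtime and checked with has(). The following is an added example, not ExpressionEngine's own code: channel_permission() and can_edit_entry() are hypothetical helpers, the rule that edit_self_entries covers the member's own entries and edit_other_entries everyone else's is an assumption, and the anonymous class is a constructed stand-in for ee('Permission').

```php
<?php
// Added example, not ExpressionEngine's own code. Helper names are hypothetical.

// Build a per-channel permission name from the patterns listed on this page.
// Both parts are validated so request input never reaches the name unchecked.
function channel_permission(string $action, $channel_id): string
{
    $actions = [
        'create_entries', 'edit_self_entries', 'delete_self_entries',
        'edit_other_entries', 'delete_all_entries', 'assign_post_authors',
    ];
    if (! in_array($action, $actions, true)) {
        throw new InvalidArgumentException('Unknown channel action');
    }
    $id = filter_var($channel_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Channel ID must be a positive integer');
    }
    return "can_{$action}_channel_id_{$id}";
}

// Deny by default: true only when has() explicitly returns TRUE.
// $permission is the object returned by ee('Permission').
// Assumption: edit_self_entries governs the member's own entries,
// edit_other_entries everyone else's.
function can_edit_entry($permission, int $member_id, int $author_id, $channel_id): bool
{
    $action = ($member_id === $author_id) ? 'edit_self_entries' : 'edit_other_entries';
    try {
        return $permission->has(channel_permission($action, $channel_id)) === true;
    } catch (InvalidArgumentException $e) {
        return false; // a malformed channel ID is treated as "not allowed"
    }
}

// Constructed stand-in for ee('Permission') so the file runs outside ExpressionEngine:
// this member may edit only their own entries in channel 3.
$stub = new class {
    public function has($name)
    {
        return $name === 'can_edit_self_entries_channel_id_3';
    }
};

var_dump(can_edit_entry($stub, 7, 7, '3'));      // own entry, channel 3
var_dump(can_edit_entry($stub, 7, 9, '3'));      // another author's entry
var_dump(can_edit_entry($stub, 7, 7, '3 OR 1')); // malformed channel ID
```

In an add-on, pass ee('Permission') as the first argument and run the check on the server before rendering the edit form or saving the entry.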