You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/design/displaying_elements_based_on_user_permissions.rst
+18-18Lines changed: 18 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,14 +1,14 @@
1
1
Displaying elements based on User permissions
2
-
=============================================
2
+
#############################################
3
3
4
4
In Mautic, it's possible to control the visibility of elements on the user interface based on the User's permissions. This allows for showing or hiding certain features, links, or sections depending on the User's Role and the permissions associated with that Role.
5
5
6
-
This approach enhances security and provides a tailored experience for each User based on their role and access level.
6
+
This approach enhances security and provides a tailored experience for each User based on their Role and access level.
7
7
8
8
Using the ``securityIsGranted`` function
9
-
------------------------------------
9
+
****************************************
10
10
11
-
To display elements conditionally based on User permissions, use the ``securityIsGranted`` function in Twig templates. The ``securityIsGranted`` function checks if the current User has the specified permission and returns a boolean value indicating whether the permission is granted or not.
11
+
To display elements conditionally based on User permissions, use the ``securityIsGranted`` function in Twig templates. The ``securityIsGranted`` function checks if the current User has the specified permission and returns a boolean value indicating whether the User has the permission granted or not.
12
12
13
13
Here's the basic syntax:
14
14
@@ -18,14 +18,14 @@ Here's the basic syntax:
18
18
<!-- Content to display if the user has the specified permission -->
19
19
{% endif %}
20
20
21
-
In this structure, ``permission:string`` represents the specific permission being checked for. Mautic uses a hierarchical permission system, in the format of ``bundle:level:permission``.
21
+
In this structure, ``permission:string`` represents the permission to verify. Mautic uses a hierarchical permission system, in the format of ``bundle:level:permission``.
22
22
23
23
Displaying a User invitation link as example
24
-
--------------------------------------------
24
+
============================================
25
25
26
-
Let's examine a practical example of how to use this function to display a link for inviting new Users to the platform. This link should only be visible to Users who have the permission to create new User accounts.
26
+
Here's a practical example of how to use this function to display a link for inviting new Users to the platform. This link should only be visible to Users who have the permission to create new User accounts.
27
27
28
-
In this example, we're using the ``securityIsGranted`` function to check if the current User has the ``user:users:create`` permission. This permission string is structured to indicate that we're checking for the ability to create new Users within the User management system.
28
+
In this example, the ``securityIsGranted`` function verifies if the current User has the ``user:users:create`` permission. The structure of the permission string verifies if the User has the ability to create new Users within the User management system.
29
29
30
30
.. code-block:: twig
31
31
@@ -38,16 +38,16 @@ In this example, we're using the ``securityIsGranted`` function to check if the
38
38
</li>
39
39
{% endif %}
40
40
41
-
If the current User has the ``user:users:create`` permission, the code inside the if block is rendered, displaying the link to invite new users. The path function creates the link, which generates a URL based on the specified route (``mautic_user_action```) and any additional parameters (``{objectAction: 'new'}``).
41
+
If the current User has the ``user:users:create`` permission, the code inside the if block renders, displaying the link to invite new users. The path function creates the link, which generates a URL based on the specified route - ``mautic_user_action``` - and any additional parameters - ``{objectAction: 'new'}``.
42
42
43
43
The ``'mautic.user.profile.invite'|trans`` expression is used to translate the text 'Invite your team' using Mautic's translation system. This ensures that the text is displayed in the appropriate language based on the user's locale settings.
44
44
45
-
This not only prevents unauthorized access but also keeps the interface clean and relevant for each user's role.
45
+
This not only prevents unauthorized access but also keeps the interface clean and relevant for each User's Role.
46
46
47
-
When implementing permission-based displays, it's essential to also secure the backend routes and actions that these interface elements might trigger. The frontend permission check should be considered an additional layer of security and user experience enhancement, not the sole method of access control.
47
+
When implementing permission-based displays, it's also essential to secure the backend routes and actions that these interface elements might trigger. The frontend permission verification must be an additional layer of security and user experience enhancement, not the sole method of access control.
48
48
49
49
Locating defined permissions
50
-
----------------------------
50
+
============================
51
51
52
52
Mautic organizes its permissions on a per-bundle basis. Each bundle typically defines its own set of permissions in a dedicated PHP file. The standard location for these permission definitions is:
53
53
@@ -62,15 +62,15 @@ For example:
62
62
These PHP files contain classes that extend ``AbstractPermissions`` and define the specific permissions available for that bundle. They usually include methods for building the permission matrix and checking individual permissions.
63
63
64
64
Examining permission files
65
-
--------------------------
65
+
==========================
66
66
67
67
When opening one of these permission files, they'll typically find:
68
68
69
69
- A ``definePermissions`` method that outlines all available permissions for the bundle.
70
-
- Constants defining permission levels (for example, ``LEVEL_VIEW, LEVEL_EDIT, LEVEL_FULL``).
71
-
- Methods for checking specific permissions (for example, ``canViewUsers``, ``canEditEmails``).
70
+
- Constants defining permission levels - for example, ``LEVEL_VIEW, LEVEL_EDIT, LEVEL_FULL``.
71
+
- Methods for checking specific permissions - for example, ``canViewUsers``, ``canEditEmails``.
72
72
73
-
For example, in the ``UserPermissions.php`` file, the ``UserPermissions`` class defines the available permissions for the ``UserBundle`` using a more structured approach. Let's go through the important parts:
73
+
For example, in the ``UserPermissions.php`` file, the ``UserPermissions`` class defines the available permissions for the ``UserBundle`` using a more structured approach. Here are the important parts:
74
74
75
75
.. code-block:: php
76
76
@@ -84,7 +84,7 @@ For example, in the ``UserPermissions.php`` file, the ``UserPermissions`` class
84
84
],
85
85
];
86
86
87
-
In this example, the profile key represents the permission category, and the nested array defines the specific permission levels for actions like editing the username, email, position, name, and having full access to the user profile.
87
+
In this example, the profile key represents the permission Category, and the nested array defines the specific permission levels for actions like editing the username, email, position, name, and having full access to the User profile.
88
88
89
89
To use these permission keys with the ``securityIsGranted`` function in Twig templates, construct the appropriate permission string. The permission string follows the format: ``[bundle]:[level]:[permission]``.
90
90
@@ -96,6 +96,6 @@ Map the permission keys from the UserPermissions class to the corresponding perm
96
96
- ``editname`` => ``user:profile:editname``
97
97
- ``full`` => ``user:profile:full``
98
98
99
-
In each if statement, the ``securityIsGranted`` function is used with the corresponding permission string. If the current user has the specified permission, the code inside the if block will be executed, displaying the relevant form fields for editing the user profile information.
99
+
In each if statement, you pair the ``securityIsGranted`` function with the corresponding permission string. If the current User has the specified permission, the code inside the if block runs, displaying the relevant Form Fields for editing the User profile information.
100
100
101
101
For more information, refer to the Security documentation.
0 commit comments