15

I'm trying to restrict access to items in a channel using some form of custom user permissions. However, I don't appear to be able to create or set custom read permissions for a channel using Craft's permissions as they currently are. I'm therefore trying to do something using either user groups or custom fields on the user, and validate whether a user has access that way.

I'm hoping this is along the right lines, although it doesn't seem ideal, so is it possible to check if a user is in a certain user group elegantly using Twig?

I can do {{ if currentUser.admin }} and I'm guessing I could therefore do something like {{if 'groupnamewithaccess' in currentUser.groups }}

Darren

4 Answers

26

I believe what you're looking for is 'isInGroup'

{% if currentUser.isInGroup('groupHandle') %}

It will also accept an actual group object or a group ID as well.

There is also getGroups:

{{ currentUser.getGroups() }}

Will return an array of UserGroupModels for all of the groups the user belongs to.

And finally, can:

{{ currentUser.can('permissionName') }}

Will check if the current user has the given permissions, whether that was indirectly assigned to them in a group, or directly assigned to them as a user.

Brad Bell
11

If you're looking to check groups and/or permissions from your plugin controller with PHP, you can access the same methods.

Craft 3.0.x:

//get the current user from craft
$user = Craft::$app->getUser();

//check if the current user has permission to edit certain entries
$user->getIdentity()->can('editEntries: 27');

//check if user is in group
$user->getIdentity()->isInGroup('specialGroupHandle');

Craft 3.1.x:

Since Craft 3.1.x no longer uses IDs to check permissions but UIDs, you need to pass the UID of your section:

$user->getIdentity()->can('editEntries: 86f6afac-1d8c-43ba-8624-12d925ba57f5')

Craft 2:

//get the current user from craft
$user = craft()->userSession->getUser();

//check if the current user has permission to edit certain entries
$checkPerms = $user->can('editEntries: 27');

$checkPerms will return a boolean

Robin Schambach
David Rampersad
  • awsm - thx Robin and David – bhu Boue vidya Apr 23 '22 at 02:17
  • Just a note that it's probably more clear that "get the current user" should be $user = Craft::$app->getUser()->getIdentity(); as Craft::$app->getUser() technically returns the User service/component (as noted by Robin here: https://craftcms.stackexchange.com/a/25917/6275). – Nate Beaty May 06 '22 at 21:40
2

I had a similar situation:
I wanted to restrict some users from certain entries.

I've created a checkboxes field called "cf_userRights_checkboxes" where the label is the user group's name and the value is the user group's ID. Then I added that field to a section.

In a section entry you will be able to set the user-groups that have permission and then check if the currentUser is in one of these groups:

{% set condition = 0 %}
{% for userGroup in currentUser.getGroups %}
    {% if userGroup.id in entry.cf_userRights_checkboxes %}
        {% set condition = 1 %}
    {% endif %}
{% endfor %}

{% if condition %}
    please enter
{% else %}
    sorry, not you
{% endif %}

Note: you have to loop through user-groups because a user can be in more than one group.

Let me know if there's a better solution.

Cheers
Stefan

outline4
1

As in the earlier answer by Robin Schambach and David Rampersad, I tried to solve it this way:

$user->getIdentity()->can('editEntries: 86f6afac-1d8c-43ba-8624-12d925ba57f5')

However, I had to remove the space between the UID and the permission string:

$user->getIdentity()->can('editEntries:86f6afac-1d8c-43ba-8624-12d925ba57f5')

Inside my module I ended up with this:

$user->checkPermission('editEntries:'.$entry->section->uid)

Slowwie
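
Pulling the PHP answers together as an added example (not code from any of the answers or from Craft itself): a module controller action that enforces the check server-side and fails closed, including the guest case where getIdentity() returns null. It assumes Craft 3.1+ with user groups available; the namespace, class name and action are hypothetical, and the group handle is the placeholder used in the answers above.

```php
<?php
// Added example: hypothetical module controller, assuming Craft 3.1+.
namespace modules\access\controllers; // hypothetical namespace

use Craft;
use craft\elements\Entry;
use craft\elements\User;
use craft\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException;
use yii\web\Response;

class RestrictedEntryController extends Controller
{
    // Placeholder group handle from the answers above; replace with your own.
    const ALLOWED_GROUP = 'specialGroupHandle';

    public function actionView(int $entryId): Response
    {
        // Guests are sent to the login page before any entry data is loaded.
        $this->requireLogin();

        $entry = Entry::find()->id($entryId)->one();
        if ($entry === null) {
            throw new NotFoundHttpException('Entry not found.');
        }

        // getIdentity() returns null for guests, so never chain
        // ->can() or ->isInGroup() onto it without checking first.
        $identity = Craft::$app->getUser()->getIdentity();
        if ($identity === null || !$this->mayRead($identity, $entry)) {
            throw new ForbiddenHttpException('You may not view this entry.');
        }

        return $this->asJson(['id' => $entry->id, 'title' => $entry->title]);
    }

    // Deny unless the user is an admin, is in the allowed group, or holds the
    // section's edit permission (section UID, no space after the colon).
    private function mayRead(User $user, Entry $entry): bool
    {
        return $user->admin
            || $user->isInGroup(self::ALLOWED_GROUP)
            || $user->can('editEntries:' . $entry->section->uid);
    }
}
```

A template-only check still leaves any other route that renders the same entry unprotected, so the same rule has to be applied wherever the entry is served.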