Hotaru Docs


Adding Permissions

Every user is given a role, for example admin or member, and then plugins assign default permissions to those roles. Here's how:

Add default permissions

This example function sets default permissions for admin, member and other users. Admins can sing and dance, members can only sing, and others can't do anything. Copy the code into your plugin's install function and edit it to suit your needs:

 * Install settings if they don't already exist
public function install_plugin($h)
    // Permissions
    $site_perms = $h->getDefaultPermissions('all');
    if (!isset($site_perms['can_sing'])) { 
        $perms['options']['can_sing'] = array('yes', 'no');
        $perms['options']['can_dance'] = array('yes', 'no');
        $perms['can_sing']['admin'] = 'yes';
        $perms['can_sing']['member'] = 'yes';
        $perms['can_sing']['default'] = 'no';
        $perms['can_dance']['admin'] = 'yes';
        $perms['can_dance']['member'] = 'no';
        $perms['can_dance']['default'] = 'no';

When the plugin is installed, Hotaru saves two copies in the database - "site perms" and "base perms". "site perms" can be edited by site admins in the User Manager plugin. "base perms" never change so an admin can revert to them if necessary.

The "all" in the getDefaultPermissions function call returns site permissions for all roles. This is required.

The if conditional is used to see if the permissions have previously been installed. If they have, we skip installing them again.

The updateDefaultPermissions function call updates both site and base perms.

We don't use Boolean true or false values because you're not limited to just yes and no. You can extend the array with other choices, too. Some possibilities are:

  • mod - "moderated". You could set up email notification or some kind of pending queue for moderated actions.
  • own - Enable users to perform actions on their own content, e.g. editing their own comments, posts, etc.
  • limit - limit the number of times a user can perform a certain action.

While those labels are purely suggestions, it would be sensible for developers to stick to common language. If a permission label varies between "own", "self" and "mine", things might get messy.

Add permission tests

Using your new permissions is quite simple. Here's an example:

if ($h->currentUser->getPermission('can_sing') == 'yes') { 
    $this->playMusic() // call this plugin's playMusic function 
} else { 
    $h->message = $h->lang['singing_permission_denied'];
    $h->messageType = 'red';
Getting StartedDesign and LayoutPlugin DevelopmentAdvanced TopicsFunction ReferenceTroubleshooting