LiveWhale CMS

Welcome, Guest Login

Support Center

Our documentation is moving:

Please check for the most up-to-date LiveWhale CMS and LiveWhale Calendar documentation. The below legacy documentation will remain available as a reference until the documentation migration is complete.

How to Check User Authorizations

Last Updated: Jun 26, 2014 06:49AM PDT

Beginning in LiveWhale 1.5.0, we broke user permissions out into a number of individual settings that are more granular. For instance, in the prior schema, there was no easy way to determine if the user has also been granted the ability to Edit Source of a page—that’s now available.

The role-based authorizations mirror the options available when editing a user in 1.5. They are:

  • Make edits to public webpages: pages_edit
  • Edit dynamic content: core_edit
  • Publish dynamic content: core_publish
  • Add, edit, and delete pages and navigations: pages_manage
  • View sitewide activity stream: core_activity
  • Manage content for other groups: core_switch
  • Manage globally shared content: core_globals
  • Manage content submitted by public users: core_submissions
  • System administrator (catch-all): core_admin
  • Manage groups and users: core_groups
  • Show file browser: pages_browse
  • Edit raw page source code: pages_source

Use the following to check the current user’s authorizations:

if ($_LW->userSetting('core_admin')) { … // only admins can do this
The userSetting method requires the role, and optionally accepts two additional parameters.
$_LW->userSetting('core_admin' [, $uid || FALSE [, $value_to_assign]]);
If you need to check the setting for a user other than the current user, you can use the optional $uid parameter. If you’d like to change an authorization value for a user, append the third parameter $value_to_assign, which should be true or false only. If you’re assigning this value for the currently logged-in user, pass boolean FALSE as the $uid.
Finally, when creating data modules, you can add your own authorization roles. You should follow the naming schema above if at all possible, where the first word is the name of your module and the second a term specific to the authorization.
Deprecation Note: Previous to LiveWhale 1.5.0, the simpler user permissions model was stored entirely in the $_SESSION. For those who have code dating to this time, you can still check the $_SESSION is_admin for now, but migrate when possible. It’s there to maintain backwards compatibility for your custom modules during this conversion. The $_SESSION setting uses the the new permissions, so it already returns the same result as the newer model above.
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found