Users, Roles and Permissions

Users are stored in the users table. The non-modifiable primary key is uid, much like a Unix user id, which identifies the user throughout the system. Other settings such as username and email can be changed by the user.

Roles group users so that permissions can be granted to them collectively. A user can be in multiple roles. Roles are stored in the roles table. The primary key is rid, much like a Unix group id, with two default roles (anonymous and authenticated).

The default user roles are:

The relationship between users and roles is kept in the user_roles table.

Permissions can be assigned to a role or to a user. The tag to use in checking the appropriate permissions is .

The following example produces a link only if the current user has the "create_content" permission:

  [acl check create_content]
    <a href="[area new_content]">Create content</a>
  [/acl]

returns its body on success, or the first matching permission if body is empty. Please note that [acl check] without a permission specified is always successful.
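
The lookup and return values described above, modelled in Python as an added example (not the project's own code). The permissions table, its columns, the sample rows and the empty-string failure result are assumptions; acl_check_strict is a hypothetical fail-closed guard for the always-successful empty check.

```python
import sqlite3

# Constructed sample data. users, roles and user_roles are the page's tables;
# the permissions table, its columns and the rid values are assumptions.
SCHEMA = """
CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT);
CREATE TABLE roles (rid INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE user_roles (uid INTEGER, rid INTEGER);
CREATE TABLE permissions (rid INTEGER, uid INTEGER, perm TEXT);
INSERT INTO roles VALUES (1, 'anonymous'), (2, 'authenticated'), (3, 'editor');
INSERT INTO users VALUES (10, 'alice'), (11, 'bob');
INSERT INTO user_roles VALUES (10, 2), (10, 3), (11, 2);
INSERT INTO permissions VALUES (2, NULL, 'view_titles'),
    (3, NULL, 'create_content'), (NULL, 11, 'edit_profile');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def effective_permissions(db, uid):
    """Permissions granted to the user directly or through any of their roles."""
    rows = db.execute(
        "SELECT perm FROM permissions WHERE uid = :u UNION "
        "SELECT p.perm FROM permissions p JOIN user_roles ur ON ur.rid = p.rid "
        "WHERE ur.uid = :u", {"u": uid})
    return {row[0] for row in rows}

def acl_check(db, uid, wanted, body=""):
    """Documented result: body on success, or the first matching permission
    when body is empty. An empty permission list always succeeds."""
    if not wanted:
        return body or "1"  # "1" is an assumed placeholder for success
    granted = effective_permissions(db, uid)
    for perm in wanted:
        if perm in granted:
            return body or perm
    return ""  # assumed failure result: nothing is emitted

def acl_check_strict(db, uid, wanted, body=""):
    """Fail closed when the permission list is empty or blank, for example
    because a variable holding the permission name expanded to nothing."""
    wanted = [p.strip() for p in wanted if p and p.strip()]
    return acl_check(db, uid, wanted, body) if wanted else ""
```
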

Per-page permissions in [compose] calls

Permissions can be checked for a complete page:

[compose
  acl.check="view_titles"
  acl.bounce="index"

  components.body="title_info"
]

 

Note: Forms created and submitted via bypass this permission check because they are evaluated earlier, during the autoload routine.

Menu permissions

Menu entries can be shown only to users who have the corresponding permissions, using the permission field in the menus table.
