Users are stored in the users table. The non-modifiable primary key is uid, quite like a Unix user id, which is used to identify the user throughout the system. Other settings like username and email can be changed by the user.
Roles group users and grant them permissions. A user can be in multiple roles.
Roles are stored in the roles table. The primary key is rid, quite like a Unix group id, with two default roles (anonymous and authenticated).
The default user roles are:
- Anonymous user (rid 1): this role is used for users that don't have a user account or that are not authenticated
- Authenticated user (rid 2): this role is automatically granted to all logged-in users
The relationship between users and roles is kept in the user_roles table.
Permissions can be assigned to a role or to a user. The tag to use in checking the appropriate permissions is [acl].
The following example produces a link only if the current user has the "create_content" permission:
[acl check create_content] <a href="[area new_content]">Create content</a> [/acl]
[acl check] returns its body on success, or the first matching permission if the body is empty. Please note that [acl check] without a permission specified is always successful.
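
The lookup described above, modelled with Python and SQLite as an added example (not the project's own code). The users, roles and user_roles tables and the rid values 1 and 2 come from the text; the permissions table layout, the function names, the sample rows and treating the authenticated role as implicit rather than stored in user_roles are assumptions.

```python
import sqlite3

ANONYMOUS_RID, AUTHENTICATED_RID = 1, 2  # default roles named in the text

def build_db():
    """Constructed sample data; the permissions table layout is an assumption."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE roles (rid INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE user_roles (uid INTEGER, rid INTEGER);
        -- hypothetical layout: a grant names either a role (rid) or a user (uid)
        CREATE TABLE permissions (rid INTEGER, uid INTEGER, perm TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice@example.com'),
                                 (2, 'bob', 'bob@example.com');
        INSERT INTO roles VALUES (1, 'anonymous'), (2, 'authenticated'), (3, 'editor');
        INSERT INTO user_roles VALUES (1, 3);
        INSERT INTO permissions VALUES (1, NULL, 'view_titles'), (2, NULL, 'view_titles'),
                                       (3, NULL, 'create_content'), (NULL, 2, 'edit_own');
    """)
    return db

def effective_roles(db, uid):
    """Anonymous for visitors without a login, else authenticated plus assigned roles."""
    if uid is None:
        return {ANONYMOUS_RID}
    rows = db.execute("SELECT rid FROM user_roles WHERE uid = ?", (uid,))
    return {AUTHENTICATED_RID} | {rid for (rid,) in rows}

def acl_check(db, uid, *wanted):
    """Return the first matching permission, or None when none is held.

    A call that names no permission succeeds (returned here as True), matching
    the documented rule; a caller that builds the permission name from a
    variable should reject an empty name before checking.
    """
    if not wanted:
        return True
    rids = effective_roles(db, uid)
    for perm in wanted:
        rows = db.execute("SELECT rid, uid FROM permissions WHERE perm = ?", (perm,))
        # A grant matches through one of the user's roles or directly by uid.
        if any(r in rids or (uid is not None and u == uid) for r, u in rows):
            return perm
    return None
```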
Permissions can be checked for a complete page:
[compose acl.check="view_titles" acl.bounce="index" components.body="title_info" ]
Note: Forms created and submitted via bypass this permission check because they are evaluated earlier, during the autoload routine.