• Edit
  • Delete

ullright Access Control

The ullright access control system is based on users, groups and permissions.

Users are organized in groups, and groups have permissions.

 

Entity relation diagram for ullCore

 

 

ullsfActions::checkPermission($permission)

The default way to protect an (symfony) action is to check for a certain permission.

 

Example for the ullWiki edit action:

// File plugins/lib/ullWikiPlugin/modules/ullWiki/lib/BaseUllWikiActions.class.php
  
  public function executeEdit($request)
  {
    $this->checkPermission('ull_wiki_edit');
    ...
  }   

The checkPermission() method explained:

  • First it checks if a user is logged in. If not, it redirects to the login action.
  • If a user is logged in, it checks the access for the given permission "ull_wiki_edit".
  • If the user doesn't have the required permission a "no access" page is displayed.
  • Otherwise it displays the desired page.

 

The permission "ull_wiki_edit" must be defined in the table "UllPermission".