MyBB

Lewis L · 2021-08-30, 03:42 PM

Looking to implement admin permissions for a plugin's module to restrict access to certain pages, I've had a look around but there doesn't seem to be much documentation on the process.

There's hooks for the admin permissions module and the admin permissions themselves look to be defined in the permissions table of the mybb_adminoptions table as a serialized array.

Any help on getting this working would be very appreciated! Big Grin

Omar G. · 2021-08-30, 09:17 PM

You first add your action handler to the proper module ( config for this example ) :

function admin_config_action_handler(&$args)
{
    $args['foo_action'] = [
        'active' => 'foo_action',
        'file' => 'foo_action_file.php'
    ];
}

MyBB will always attempt to load permissions for all ( action ) files found in the module directory ( except for the home module ):
https://github.com/mybb/mybb/blob/9ccde7...x.php#L791

Now, just add your action to the list of permissions for admins to update in the admin permissions pages :

function admin_config_permissions(&$args)
{
    $args['foo_action'] = "Can manage the Foo Action system?";
}

If this last step is missing, the code _could_ assume permission is not set, thus always true ( has permission ) ( see: https://github.com/mybb/mybb/blob/9ccde7...s.php#L362 ). But I won't rely on this, and either way the recommended practice should be to always add the corresponding permission code for any action page added.

Use the following to set the permission during the activation, installation, deactivation, or uninstallation processes :

change_admin_permission('config', 'foo_action', 1);

https://github.com/mybb/mybb/blob/9ccde7...s.php#L545

Crazycat · 2021-08-30, 10:54 PM

Thanks Omar for this tutorial Smile

Login
Username:
Password:	Lost Password?
	Remember me