Ixonn Group

Staff Capabilities and Access

You are here:
< All Topics
This feature is available from version 2.3.4

When creating more complex modules, probably you will want to add permissions so the owner can control what staff members can and cannot do.

In Ixonn, this is handled with the staff permissions, each staff member can have different access permissions.

Define Module Permissions

As an example, assuming the module is intended to send mass emails and you want the owner to be able to allow only specific staff members to send mails, in your module init file add the following code:

hooks()->add_action(‘admin_init’, ‘my_module_permissions’);

 

function my_module_permissions($permissions)

{

    $config = [];

 

    $config[‘capabilities’] = [

            ‘send_mass_emails’   => ‘Send Mass Emails’,

            ‘create_templates’   => ‘Create Mail Templates’,

    ];

 

    register_staff_capabilities(

        ‘prefix-mass-emails’,

        $config,

        _l(‘prefix_mass_emails’)

    );

}

Save the file and navigate to e.q. Setup->Staff and edit some staff member, when you click on the permissions tab, you will be able to see the permissions at the bottom.

Parameters explained

  1. $feature_id ( prefix-mass-emails ) – We call this the permissions feature, but keep in mind that the name must be unique.
  2. $config (array) – The actual config with an array that has capabilities key, this will be unique to your implementation and will depend on what kind of capabilities your feature needs.
  3. $name – The name of module e.q. Mass Mailer, the name is shown to the user who is editing the permissions so he can identify for which feature the permissions are intended.

Injecting Capabilities Into Existing Features

If you want to inject capabilities into an existing feature, you can achieve this with the following code:

function my_module_permissions()

{

    $capabilities = [];

 

    $capabilities[‘capabilities’] = [

            ‘my-unique-capability-id’ => ‘Invoices Related Capability’,

    ];

 

    register_staff_capabilities(‘invoices’, $capabilities);

}

Checking If Staff Has The Capabilities

Now that you added your permissions, in your code you will want to perform checks and see if the staff member really has the capability for perform specific action.

Assuming that you have a controller with method send

public function send() {

    if(staff_can(‘send_mass_emails’, ‘prefix-mass-emails’)) {

        // Send mails here

    }

}

staff_can

staff_can($capability, $feature = null, $staff_id = ”)

Can be used e.q. staff_can(‘view’, ‘invoices’);

@param string $capability e.q. view | create | edit | delete | view_own | can_delete

@param string $feature the feature name e.q. invoices | estimates | contracts | my_module_name


NOTE: The $feature parameter is available as optional, but it’s highly recommended always to be passed because of the uniqueness of the capability names.

For example, if there is capability “view” for feature “estimates” and also for “invoices” a capability “view” exists too

In this case, if you don’t pass the feature name, there may be inaccurate results.

If you are certain that your capability name is unique e.q. my_prefixed_capability_can_create , you don’t need to pass the $feature
and you can use this function as e.q. staff_can(‘my_prefixed_capability_can_create’)


@param mixed $staff_id staff id | if not passed, the logged in staff will be checked

Be aware the administrators can access all functionalities, the function staff_can will return true for any capability if the user is administrator.

Related Articles

Table of Contents
Scroll Up