Permissions

Every website visitor, whether they are a registered (authenticated) User or visit the site anonymously, is considered a User to yeager. Non-anonymous User accounts do also include additional information such as login/e-mail and optional custom properties. 
 
An Extension's code is executed as the User who actually performs the relevant action on an object. All API calls of yeager check if the User owns sufficient permissions before execution. 
 
Following is an overview of all permissions available in the system. 
 
In some cases you might want to execute specific API calls although a User does not own permissions to do so: Below you will also find instructions on how to escalate the permissions of a User.

Object-level permissions

yeager offers the following granular permissions (per object) for Content Blocks, Files, Mailings, Pages, Tags and Usergroups. 
 
Permission code Description Availability
RREAD
 
  
View/read permission
 
  
Content Blocks, Files, Mailings, Pages, Tags, Usergroups
  
RWRITE
 
  
Write permission
 
  
Content Blocks, Files, Mailings, Pages, Tags, Usergroups
  
RDELETE
 
  
Delete permission 
 
  
Content Blocks, Files, Mailings, Pages, Tags, Usergroups
  
RSUB
  
Permissions to create subnodes
  
Content Blocks, Files, Pages, Tags
  
RMODERATE
  
Permissions to moderate comments
  
Content Blocks, Files, Pages
  
RCOMMENT
  
Permission to comment
  
Content Blocks, Files, Pages
  
RSTAGE
  
Permission to approve and publish
  
Content Blocks, Files, Mailings, Pages
  
RSEND
  
  
Permission to send the published Mailing
  
Mailings
  
  

You can check if a specific User owns permissions on a specific object as follows:
  1. // check permissions for objects with managers
  2. $pageMgr = sPageMgr($siteId);
  3. $page = $pageMgr->getPage($pageId);
  4. if ($page->permissions->check(sUserMgr()->getCurrentUserID(), "RWRITE")) {
  5.       // do stuff
  6. }
  7.  
  8. // for objects without managers
  9. if (sTags()->permissions->check(sUserMgr()->getCurrentUserID(), "RWRITE", $tagId)) {
  10.       // do stuff
  11. }
  12.  
  13. // for usergroups
  14. if (sUsergroups()->usergroupPermissions->check(sUserMgr()->getCurrentUserID(), "RWRITE", $usergroupId)) {
  15.       // do stuff
  16. }

Usergroup-level permissions

The following permissions are defined for each Usergroup:
 
Permission code Description  
RBACKEND
 
Permission to access the yeager backend UI
 
 
RCONTENTBLOCKS
 
Permission to access the Content Block administration panel
 

  
RFILES
 
Permission to access the File administration panel
  

  
RPAGES
  
Permission to access the Page administration panel
  
  
RSITES
  
Permission to administer Sites 
  

  
RTEMPLATES
  
Permission to administer Templates 
  

  
RENTRYMASKS
  
Permission to administer Entrymasks 
  

  
RTAGS
  
Permission to access the Tag administration panel
  
  
RCOMMENTS
 
Permission to access the Comments administration panel
  
 
RUSERS
  
Permission to administer Users
  
 
RUSERGROUPS
  
Permission to administer Usergroups
  
 
RFILETYPES
  
Permission to administer file types
  
 
RCOMMENTCONFIG
  
Permission to change the commenting configuration
  
 
RMAILINGCONFIG 
  
Permission to change the mailing configuration
  
 
RVIEWS
  
Permission to administer File Views
  
 
RPROPERTIES
  
Permission to add and remove properties to/from object types 
  
 
REXTENSIONS_PAGE
  
  
Permission to administer Page Extensions through the Extension administration panel

 
REXTENSIONS_MAILING
  
  
Permission to administer Mailing Extensions through the Extension administration panel 
  
 
REXTENSIONS_FILE
  
  
Permission to administer File Extensions through the Extension administration panel 
  
 
REXTENSIONS_CBLOCK

 
Permission to administer Content Block Extensions through the Extension administration panel 
  
 
REXTENSIONS_CBLISTVIEW
  
  
Permission to administer Content Block List view Extensions through the Extension administration panel 
  
 
RDATA
  
  
Permission to access the Data administration and execute the Export and Import Extensions 
  
 
RIMPORT
 
  
Permission to administer Import Extensions through the Extension administration panel 
  
 
REXPORT
 
  
Permission to administer Export Extensions through the Extension administration panel 
  
 
RUPDATER
 
  
Permission to access the Updates administration panel and update yeager from there
  
 

You can check if a User owns one of these specific permissions as follows:
  1. $userId = sUserMgr()->getCurrentUserID();
  2. $user = sUserMgr()->getUser($userId);
  3.  
  4. if ($user->checkPermission("RBACKEND") {
  5.      // do stuff
  6. }
  7.  
  8. // is the same as:
  9. if (sUsergroups()->permissions->check($userId, "RBACKEND")) {
  10.      // do stuff
  11. }

Custom permissions

You can add custom, global permissions for an Extension which will be configurable through the Usergroup administration panel per Usergroup.
  1. // adding a permission
  2. $this->addPermission("RCUSTOMPERM", "Title of custom permission");
  3.  
  4. // checking the permission
  5. if ($this->checkPermission(sUserMgr()->getCurrentUserID(),"RSPECIALTASK")) {
  6.       // do stuff
  7. }
  8.  
  9. // removing the permission
  10. $this->removePermission("RSPECIALTASK");

Escalating permissions

As an Extension's callback functions are executed as the User who accesses the object and performs the specific action, some use cases will require you to escalate permissions of the actual User.
 
When building a User authenticator for instance, it will be required to get a list of Users. This will usually not be allowed for anonymous Users and therefore you'll have to elevate the permissions making use of the impersonate() or unimpersonate() method (see API docs: UserMgr->impersonate and unimpersonate).
  1. // escalate permissions
  2. sUserMgr()->impersonate(sUserMgr()->getAdministratorID());
  3.  
  4. if (sUserMgr()->getByProperty('USERNAME', $username, false)) {
  5.     // username already exists
  6.     $error = true;
  7.     sSmarty()->assign("error_usernameexists", 1);
  8. }
  9.  
  10. // and revert back to actual User
  11. sUserMgr()->unimpersonate();