Back in October, I released my first module for Drupal, the open-source content management system. These days, I seem to be developing exclusively for Drupal, and with a robust API and thriving community, I can only say how much fun it is to work with.
However, like any platforms, there are pieces missing. Fortunately, Drupal is one of those platforms that is very easily extended through modules. I came across one of those missing pieces while working on a project. I do all of my development in a sandbox, and when the work is complete, I QA the product in a staging environment before pushing the code and database changes to a production environment. I found that there was no way to manage user/role permissions in code; all management was a manual process via the web interface.
Having to repeat manual tasks like this across different environments increases the odds of errors. Steps can be omitted or performed improperly. In the case of permissions, I decided to correct that by writing a module called Permissions API. What this module allows you to do is to grant and revoke permissions to roles in code.
This is probably most useful in the context of programmatically creating CCK content types. The ability to import CCK content types through code is great until you decide that you want members of specific roles to be able to do something with this content type. Currently, the only way to grant the permissions is to navigate through the access control page in the admin interface, which is completely unusable if you have a lot of roles and a lot of modules. This module addresses that problem by providing two functions:
permissions_grant_permissions()
permissions_revoke_permissions()
Each function accepts a role id and an array of permissions. Sample usage would be:
PHP:
-
<?php
-
function mymodule_update_1(){
-
// Handle roles and permissions
-
$rid = db_result(db_query('SELECT r.rid FROM {role} r WHERE r.name = \'some custom role\''));
-
if($rid> 0){
-
-
'create some_content_type content',
-
'edit some_content_type content',
-
'edit own some_content_type content',
-
);
-
permissions_grant_permissions($rid, $permissions);
-
}
-
}
-
?>
This module also provides functions for granting all permissions defined by a given module to a given role, as well as granting all defined permissions to a given role, which is useful for creating admin-type roles. Sample usage would be:
PHP:
-
<?php
-
function mymodule_update_2(){
-
// Create a "super-admin" role by granting all permissions
-
$rid = db_result(db_query('SELECT r.rid FROM {role} r WHERE r.name = \'some custom role\''));
-
if($rid> 0){
-
permissions_grant_all_permissions($rid);
-
}
-
}
-
?>
The next example shows how to grant all permissions defined by a specific module to a specific role:
PHP:
-
<?php
-
function mymodule_update_3(){
-
// Grant all permissions defined by a module's hook_perm implementation
-
$rid = db_result(db_query('SELECT r.rid FROM {role} r WHERE r.name = \'some custom role\''));
-
if($rid> 0){
-
permissions_grant_all_permissions_by_module($rid, 'some module')
-
}
-
}
-
?>
[tags]api, code, drupal, module, permissions[/tags]
