Jump to content

4.1.13 FrontNavigation extension changes


Mark
 Share

Recommended Posts

We have made some changes in IPS Community Suite 4.1.13 to how FrontNavigation extensions handle permissions.

Previously the permission settings ("Show this item to users who can access its content" / "I want to choose which groups can see this item") were ambiguous as to whether the latter setting includes groups who cannot access the content the item links to. This change resolves that ambiguity. The changes are backwards compatible, so you don't need to make any changes for your application to keep working, but you should make these changes as soon as possible to ensure consistency.

Previously, permission checks were implemented in a single method and you would call the parent method within it. For example, here is what was defined for the Cards extension in the Commerce app (which shows a link to where users can view and add stored credit cards):

	/**
	 * Can access?
	 *
	 * @return	bool
	 */
	public function canView()
	{
		return \IPS\Settings::i()->card_storage_gateways and parent::canView() and \IPS\Member::loggedIn()->canAccessModule( \IPS\Application\Module::get( 'nexus', 'clients' ) );
	}

This has 3 checks:

  • It checks if the site has any gateways set up which allow cards to be stored. If this functionality doesn't exist, the link shouldn't show to any users.
  • It calls parent::canView() which is intended to check the permissions the admin has set up for the menu item.
  • It checks the currently logged in user has permission to access the page.

 

In 4.1.13, rather than override canView() like this, there are 2 different methods you can override:

  • isEnabled() is used for you to specify if the functionality the menu item linked to exists. If this returns false, the menu item will never show to any users, regardless of whatever permissions to admin has set up. In the Commerce example above, we will use this method to check if it is possible for anyone to use stored cards. This is a static method.
  • canAccessContent() is used for you to specify if the currently logged in member can view the page that the menu item links to. The admin may choose to override this, or they may choose to show the menu item to those users who this returns true for. In the Commerce example above, we will use this method to check if the user has permission to access the client area.

 

So here is the new code for the Cards extension in the Commerce app:

	/**
	 * Can this item be used at all?
	 * For example, if this will link to a particular feature which has been diabled, it should
	 * not be available, even if the user has permission
	 *
	 * @return	bool
	 */
	public static function isEnabled()
	{
		return \IPS\Settings::i()->card_storage_gateways;
	}
		
	/**
	 * Can the currently logged in user access the content this item links to?
	 *
	 * @return	bool
	 */
	public function canAccessContent()
	{
		return \IPS\Member::loggedIn()->canAccessModule( \IPS\Application\Module::get( 'nexus', 'clients' ) );
	}

 

Link to comment
Share on other sites

21 minutes ago, Dylan Riggs said:

Off topic...

So why is this posted here exactly, and not the whole community? Are contributors the only ones to know about backend changes before releases and not the entirety of the IPS community? Sorry, these have been ratteling my attention a bit :p
 

How would this benefit non-contributors?

Link to comment
Share on other sites

35 minutes ago, HeadStand said:

How would this benefit non-contributors?

Just because someone hasn't uploaded a file to the marketplace, doesn't mean that they don't do any development work at all with the IPS framework. It's silly to hold back breaking changes from everyone but private contributors.

Edit... ninjaed

Edited by Dylan Riggs
Link to comment
Share on other sites

5 hours ago, Dylan Riggs said:

Off topic...

So why is this posted here exactly, and not the whole community? Are contributors the only ones to know about backend changes before releases and not the entirety of the IPS community? Sorry, these have been ratteling my attention a bit :p
 

I didn't give where I posted it a huge amount of thought... but the idea is that contributors can make sure nothing we're doing will break their mods and if so, let us know before the release so we can fix it since if we do something which breaks a really popular mod that sucks for everyone: us, the author and the users. In fact, for the gateway changes, we already did change the signature slightly from what I originally had it as because someone messaged me to tell me it was causing their gateway to get an error.

Link to comment
Share on other sites

12 minutes ago, Mark said:

I didn't give where I posted it a huge amount of thought... but the idea is that contributors can make sure nothing we're doing will break their mods and if so, let us know before the release so we can fix it since if we do something which breaks a really popular mod that sucks for everyone: us, the author and the users. In fact, for the gateway changes, we already did change the signature slightly from what I originally had it as because someone messaged me to tell me it was causing their gateway to get an error.

if only we have good dev-portal including all official recourses with upgrading notes between versions :cry: 

Link to comment
Share on other sites

2 hours ago, Mark said:

I didn't give where I posted it a huge amount of thought... but the idea is that contributors can make sure nothing we're doing will break their mods and if so, let us know before the release so we can fix it since if we do something which breaks a really popular mod that sucks for everyone: us, the author and the users. In fact, for the gateway changes, we already did change the signature slightly from what I originally had it as because someone messaged me to tell me it was causing their gateway to get an error.

I understand that, but my point still remains. Posting it private isn't benefiting anyone not labeled as a contributor - Posting it public will. If it's public, authors as well as everyone else will know what needs to be altered to fit the changes that the updates are being pushed..... that's all.

Looking forward to this new dev center ^_^

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...