Acl Class
Acl Class Documentation
The Acl (Access Control List) class provides the granular authorization engine for GeniXCMS. Unlike the simple numeric levels of User::access(), the ACL system allows for named permission keys that can be toggled on or off for specific user groups via the administrative dashboard.
It enables a highly flexible security model where different roles (Editors, Authors, etc.) can be granted or denied specific capabilities like POSTS_DELETE or THEMES_MANAGE.
⚡ How It Works
Permission checks in GeniXCMS follow a specific order of precedence:
- Administrator (Level 0) Override: Users with Level 0 always pass any ACL check, regardless of settings.
- Database Override: The system checks the permissions table for an explicit status (Allowed/Denied) for the user's group.
- Code-Defined Default: If no database setting exists, the system falls back to the default allowed groups specified when the permission was registered in the code.
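The precedence order above, modeled as a stand-alone PHP function. This is an added example, not GeniXCMS's own code: resolveAcl() and its array arguments are hypothetical, the sample rows are constructed, and denying an unregistered key is an assumption.

```php
<?php
// Added illustration: a stand-alone model of the documented precedence order.
// resolveAcl() and both array shapes are hypothetical, not GeniXCMS internals.

/**
 * @param int   $group    group/level of the user (0 = Administrator)
 * @param array $dbRows   [permission => [group => status]], 1 = Allow, 0 = Deny
 * @param array $defaults [permission => groups allowed at registration]
 */
function resolveAcl(string $permission, int $group, array $dbRows, array $defaults): bool
{
    // 1. Administrator (Level 0) override: passes regardless of settings.
    if ($group === 0) {
        return true;
    }
    // 2. Database override: an explicit row wins, whether Allow or Deny.
    if (isset($dbRows[$permission][$group])) {
        return (int) $dbRows[$permission][$group] === 1;
    }
    // 3. Code-defined default from registration.
    // Assumption: a key that was never registered is denied (fail closed).
    return in_array($group, $defaults[$permission] ?? [], true);
}

// Constructed sample data; keys and default groups reuse the page's examples.
$defaults = [
    'BOOKING_CANCEL'     => [0, 1],
    'MOD_GALLERY_UPLOAD' => [0, 1, 2],
];
$dbRows = [
    'BOOKING_CANCEL' => [0 => 0, 1 => 0, 2 => 1], // rows an admin toggled in the dashboard
];

$cases = [
    ['BOOKING_CANCEL', 0],     // rule 1: Level 0 ignores its own Deny row
    ['BOOKING_CANCEL', 1],     // rule 2: Deny row overrides the default
    ['BOOKING_CANCEL', 2],     // rule 2: Allow row overrides the default
    ['BOOKING_CANCEL', 3],     // rule 3: no row, group not in the default list
    ['MOD_GALLERY_UPLOAD', 2], // rule 3: no row, group in the default list
    ['NOT_REGISTERED', 3],     // unknown key (assumed fail closed)
];
foreach ($cases as [$perm, $group]) {
    $verdict = resolveAcl($perm, $group, $dbRows, $defaults) ? 'allow' : 'deny';
    printf("%-18s group %d => %s\n", $perm, $group, $verdict);
}
```

Because a database row overrides the registered default in both directions, the defaults passed to Acl::register() describe only the initial state; the effective permissions of a running site have to be read from the ACL Manager.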
🛠️ Public Methods Reference
Acl::check(string $permission)
Performs a permission check for the currently authenticated user.
- Returns: bool (true if the operation is permitted, false otherwise).
Acl::register(string $key, string $label, array $default_groups = [0, 1, 2])
Registers a new capability into the system. Modules should use this to add their own security hooks.
| Parameter | Type | Default | Description |
|---|---|---|---|
| $key | string | ✅ | Unique key (e.g., 'MOD_GALLERY_UPLOAD'). |
| $label | string | ✅ | Human-readable name shown in ACL Manager. |
| $default_groups | array | [0, 1, 2] | Group IDs (0-6) allowed by default. |
Acl::checkGroup(string $permission, int|string $group)
Checks if a specific user group has a particular permission.
```php
if (Acl::checkGroup('POSTS_DELETE', 2)) {
    echo "Editors can delete posts.";
}
```
Acl::set(int|string $group_id, string $permission, int $status)
Updates or inserts a permission record into the database.
- $status: 1 for Allow, 0 for Deny.
Acl::getAllPermissions()
Returns an associative array of all registered permissions and their metadata. Used primarily for rendering the ACL Matrix in the admin panel.
🛡️ Core Permissions Reference
GeniXCMS registers several dozen core permissions by default during the init() phase.
| Category | Typical Keys | Default Access |
|---|---|---|
| Posts | POSTS_VIEW, POSTS_ADD, POSTS_EDIT, POSTS_DELETE | Admin, Supervisor, Editor, Author |
| Pages | PAGES_VIEW, PAGES_ADD, PAGES_EDIT, PAGES_DELETE | Admin, Supervisor, Editor |
| Media | MEDIA_VIEW, MEDIA_UPLOAD, MEDIA_DELETE | Admin, Supervisor, Editor, Author |
| System | SETTINGS_MANAGE, THEMES_MANAGE, MODULES_MANAGE | Administrator Only |
| Users | USERS_VIEW, USERS_ADD, USERS_EDIT, USERS_DELETE | Admin, Supervisor |
🔌 Using ACL in Modules
1. Registration
In your module's init hook or constructor:
```php
Acl::register('BOOKING_CANCEL', 'Cancel customer bookings', [0, 1]);
```
2. Implementation
Inside your module's controller/action logic:
```php
if (Acl::check('BOOKING_CANCEL')) {
    // Proceed with logic...
} else {
    Control::error('noaccess');
}
```
3. Masking UI Elements
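In your views (Latte templates), hide controls the user cannot use. Masking only affects what is rendered; the controller check from step 2 is what enforces the permission, so keep both.
```latte
{if Acl::check('BOOKING_CANCEL')}
    <button class="btn btn-danger">Cancel Booking</button>
{/if}
```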
See Also
- User Class — How user levels and groups are defined.
- ACL Manager Guide — Graphical interface for managing these permissions.
- Acl Model — Underlying model and table structure.