Elxis CMS Forum

Support => Elxis 2008 developers guide => Topic started by: datahell on October 18, 2007, 12:07:38

Title: Check if user is allowed to upload files
Post by: datahell on October 18, 2007, 12:07:38
Elxis 2008 has editable ACL checks if a user is allowed to upload files.
Here is a sample check you should use in a third party extension.

Code: (php) [Select]
<?php
//get user usertype
if ( $my->usertype == &#39;&#39; ) {
$usertype eUTF::utf8_strtolower($acl->get_group_name(&#39;29&#39;));
} else {
$usertype eUTF::utf8_strtolower($my->usertype);
}

$canUploadImages $acl->acl_check( &#39;action&#39;, &#39;upload&#39;, &#39;users&#39;, $usertype, &#39;files&#39;, &#39;images&#39; ); //allowed to upload images
$canUploadAvatars =$acl->acl_check( &#39;action&#39;, &#39;upload&#39;, &#39;users&#39;, $usertype, &#39;files&#39;, &#39;avatars&#39; ); //allowed to upload avatar images
$canUploadFiles =$acl->acl_check( &#39;action&#39;, &#39;upload&#39;, &#39;users&#39;, $usertype, &#39;files&#39;, &#39;all&#39; ); //allowed to upload any file
?>

Notice
In Elxis core components we add the user's id as a prefix in uploaded file names (ie 62_myfile.zip). This way we can track down the files origin and we can filter afterwards the files a user can see/edit/use/delete. For instance a user can upload multiple avatars and afterwards select one to use. He can also change his avatar anytime. But he is only allowed to use his own avatars not the other people's uploaded avatars. We propose you to use the same mechanism in your extensions for Elxis CMS.