allow/disallow certain logic insided certain tag

Justoverclock

Hello, i'm struggling to understand permissions for flarum, for instance, i want to allow or disallow certain logic inside a certain tag based on permissions...

from what i understand reading the docs, i need first to create a policy...

so inside \Access\UserPolicy i have

class UserPolicy extends AbstractPolicy
{
    public function canDoSomething(User $actor, User $user)
    {
        if (!$actor->hasPermission('justoverclock-my-namespace.canDoSomething') && $this->isSuspended($user)) {
            return $this->deny();
        }

        return $this->allow();
    }

    protected function isSuspended(User $user): bool
    {
        return $user->suspended_until !== null
            && $user->suspended_until instanceof Carbon
            && $user->suspended_until->isFuture();
    }
}

in my admin settings i have registered the permission:

.registerPermission({
      icon: 'far fa-thumbs-up',
      label: app.translator.trans('justoverclock-my-namespace.admin.permission.canDoSomething'),
      permission: 'justoverclock-my-namespace.canDoSomething',
      allowGuest: false,
    }, 'moderate')

now this return always true even if in my admin settings i have only admins

also, i cannot set permissions for groups.....

why this not work?

luceos

It's very difficult understanding where this goes wrong without the full code. Some things:

did you register the policy in the extend.php?
do you see any debug dump if you use this code?

class UserPolicy extends AbstractPolicy
{
    public function canDoSomething(User $actor, User $user)
    {
dd($actor->hasPermission('justoverclock-my-namespace.canDoSomething'), $this->isSuspended($user));
        if (!$actor->hasPermission('justoverclock-my-namespace.canDoSomething') && $this->isSuspended($user)) {
            return $this->deny();
        }

        return $this->allow();
    }

    protected function isSuspended(User $user): bool
    {
        return $user->suspended_until !== null
            && $user->suspended_until instanceof Carbon
            && $user->suspended_until->isFuture();
    }
}

Justoverclock

actually i can't find the right way to implement a permission for groups under certain tags.

my goal is: if the user groups is not allowed in the admin dashboard then i will not run certain logics..

so i suppose i need to create the policy first...but i can't understand how. How can i look if the tag has the permission for that group?

class TagReputationPolicy extends AbstractPolicy
{
    protected SettingsRepositoryInterface $settings;

    public function __construct(SettingsRepositoryInterface $settings)
    {
        $this->settings = $settings;
    }
    public function canEarnPoints(User $actor, Tag $tag)
    {
      if ($tag-> ???)
    }
}

in extend.php

(new Extend\Policy())
        ->modelPolicy(Tag::class, TagReputationPolicy::class),

in admin frontend:

 .registerPermission({
      icon: 'far fa-thumbs-up',
      label: app.translator.trans('justoverclock-reputation-score.admin.permission.canEarnReputation'),
      permission: 'justoverclock-reputation.canEarnReputation',
      allowGuest: false,
    }, 'reply')

the problem here is that i cannot select any group for that tag

SychO

To be able to have a per tag ability, you have to:

prefix your permission name with discussion. (for example: discussion.lock)
then you can check that ability by passing the relevant discussion $actor->can('lock', $discussion)

So there has to be a discussion model related to what you are trying to do. If not, then please explain your use case.

Ref: https://docs.flarum.org/extend/admin/#registering-permissions:~:text=If%20your%20extension,false%20is%20indicated.

Justoverclock

SychO mmhh i dont think this is my case...i want to run/not run certain logics for my events.

for example, at moment i'm listening to Flarum\Discussion\Event\Started to do something. Substancially i want that if under that tag, the user group do not have the permission to "earnReputation", my logic will be skipped...

but i will try