bbsengine3 handbook: access-hooks

access hooks

see the 'authorization-system' chapter for info on what a 'flag' is and the functions to manipulate them.

all actions must have an "access hook" function (inspired by drupal and Ray).

for example:

 function accessmember($op, $data=null, $memberid=null)
    if ($op == "edit" && (flag("ADMIN") === True || $memberid == getcurrentmemberid()))
        return True; 
    return False;

the above function allows editing of a member record if the ADMIN flag is set for the currentuser or if trying to edit your own record.

sometimes an access hook function will have a 'data' parameter that can be used to pass in additional information.

each object that might be used on a site is controlled by an access hook. this makes it easy to adjust access at a later time without having to modify a bunch of files. it also facilitates extensive logging which can be modified or turned off completely without a lot of effort.