Role-Based Access Control

The Framework supports role-based control of access to pages and features. This is built around the notions of contexts and roles: the idea that, within a given context, someone can play a particular role.

Out of the box, the Framework provides a single context, Site, and three roles: Admin, Developer and Tester. The combination Site/Admin gives access to administrative functions such as adding pages, whilst Site/Developer allows developer functions such as running code and generating error tests. Site/Tester is used by interface validation code.

N.B. the Site context should only be used for controlling Framework activities. For anything related to your own site's functionality that needs access control, add a new context name using the interface on the Admin menu. You can of course re-use the existing role names, but should add more as needed.

Testing for Context/Role

If you have a User bean then you can check whether it can play a role by calling $user->hasrole($contextname, $rolename), where $contextname and $rolename are strings:

    $user->hasrole('Site', 'Admin');

When you add a page to your site, you can specify that it can be accessed only by certain Context/Role combinations; the Framework performs this test for you before invoking the page, so you need not repeat it inside the page implementation. Access to AJAX operations is controlled in the same way, so those checks can likewise be left out of your code.
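The page-level check covers who may reach a page; hasrole() is still the tool for finer distinctions inside it. The following is an added example, not the Framework's own code: it assumes a $user bean with the hasrole($contextname, $rolename) method described above, and a custom context 'Shop' with roles 'Manager' and 'Auditor' (all three names are constructed for the example).

```php
<?php
// Added example, not the Framework's own code. Assumes a $user bean offering
// hasrole($contextname, $rolename) as described above, plus a custom context
// 'Shop' (added through the Admin menu) with roles 'Manager' and 'Auditor'.
// Those three names are constructed for this example.
//
// Scenario: the page is registered as reachable by both Shop/Manager and
// Shop/Auditor, so the Framework has already gated entry. Within the page an
// Auditor may only read prices, while changing a price also needs Shop/Manager.

function canEditPrices($user): bool
{
    // No bean means no logged-in user, which can never edit.
    return $user !== NULL && $user->hasrole('Shop', 'Manager');
}

/**
 * Handle a POST of ['sku' => ..., 'price' => ...]. Returns a small result array
 * rather than echoing, so the page can render the outcome however it likes.
 */
function handlePriceUpdate($user, array $post): array
{
    if (!canEditPrices($user)) {
        // Refuse before touching any input: log server-side, keep the reply generic.
        http_response_code(403);
        error_log('price update refused: caller lacks Shop/Manager');
        return ['ok' => FALSE, 'error' => 'forbidden'];
    }
    // Authorised: only now validate the input (authorisation first, validation
    // second, so unauthorised callers learn nothing about what the page accepts).
    $sku   = $post['sku'] ?? '';
    $price = $post['price'] ?? '';
    if (!preg_match('/^[A-Z0-9-]{1,32}$/', $sku) || !is_numeric($price) || $price < 0) {
        http_response_code(400);
        return ['ok' => FALSE, 'error' => 'bad input'];
    }
    // The accepted, validated values would be persisted here by the page itself.
    return ['ok' => TRUE, 'sku' => $sku, 'price' => (float) $price];
}
```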