Supplies expected keys in 2nd arg of integrate_load_permissions hook

[Sesquipedalian]

Fixes #8007

[Sesquipedalian]

@dragomano, please verify that this fixes the issue.

[dragomano]

You can't forget about self::$permission_groups['membergroup'] either:

self::$permission_groups['membergroup'] = &self::$permission_groups['global'];
$permissions_by_scope['membergroup'] = &$permissions_by_scope['global'];

However, I'm already just using such a condition in my code:

$scope = isset($permissionList['global']) ? 'global' : 'membergroup';

Convenient, and no need to copy arrays :)

[Sesquipedalian]

You can't forget about self::$permission_groups['membergroup'] either:

self::$permission_groups['membergroup'] = &self::$permission_groups['global'];
$permissions_by_scope['membergroup'] = &$permissions_by_scope['global'];

Oops! Thanks for that.

However, I'm already just using such a condition in my code:

$scope = isset($permissionList['global']) ? 'global' : 'membergroup';

Convenient, and no need to copy arrays :)

It's just a reference, not a copy, so I'm not worried about it.

FYI, I suggest that you update your code to use the new integrate_permissions_list hook instead. It is the recommended way to work with permissions in SMF 3.0. The integrate_load_permissions, integrate_load_illegal_permissions, and integrate_load_illegal_guest_permissions hooks are now deprecated and will be removed in a future version.

[dragomano]

I've seen the new hook, but it will only work in 3.0, plus show me an example of how to use it to do the same thing I'm doing now.

[Sesquipedalian]

show me an example of how to use it to do the same thing I'm doing now.

Obviously I have not tested the following code, but here is the requested example.

Find:

	public function loadIllegalGuestPermissions(): void
	{
		Utils::$context['non_guest_permissions'] = array_merge(
			Utils::$context['non_guest_permissions'],
			[
				'light_portal_manage_pages_own',
				'light_portal_manage_pages_any',
				'light_portal_manage_pages',
				'light_portal_approve_pages',
			]
		);
	}

	public function loadPermissions(array &$permissionGroups, array &$permissionList, array &$leftPermissionGroups): void
	{
		Lang::$txt['permissiongroup_light_portal'] = LP_NAME;

		$scope = isset($permissionList['global']) ? 'global' : 'membergroup';

		$permissionList[$scope]['light_portal_view']          = [false, 'light_portal'];
		$permissionList[$scope]['light_portal_manage_pages']  = [true, 'light_portal'];
		$permissionList[$scope]['light_portal_approve_pages'] = [false, 'light_portal'];

		$permissionGroups[$scope][] = $leftPermissionGroups[] = 'light_portal';
	}

Replace:

	public function permissionsList(array $permissions): void
	{
		Lang::$txt['permissiongroup_light_portal'] = LP_NAME;

		$permissions['light_portal_view'] = [
			'view_group' => 'light_portal',
			'scope' => 'global',
		];

		$permissions['light_portal_manage_pages_own'] = [
			'generic_name' => 'light_portal_manage_pages',
			'own_any' => 'own',
			'view_group' => 'light_portal',
			'scope' => 'global',
			'never_guests' => true,
		];

		$permissions['light_portal_manage_pages_any'] = [
			'generic_name' => 'light_portal_manage_pages',
			'own_any' => 'any',
			'view_group' => 'light_portal',
			'scope' => 'global',
			'never_guests' => true,
		];

		$permissions['light_portal_approve_pages'] = [
			'view_group' => 'light_portal',
			'scope' => 'global',
			'never_guests' => true,
		];
	}

Note that this example only shows how to reproduce what you are doing now. However, by using integrate_permissions_list, you could also get access to other functionality that the existing hooks cannot provide. For example, you could set a group_level for your custom permissions in order to have them included in the predefined permission profiles. The full list of possible options is available here:

SMF/Sources/Actions/Admin/Permissions.php

Lines 188 to 233 in 655fcfe

	/**
	* @var array
	*
	* List of all known permissions.
	* Protected to force access via getPermissions().
	*
	* Mods can add to this list using the integrate_permission_list hook.
	*
	* For each permission, the available keys and their meaning are as follows:
	*
	* - generic_name: This is used to group own/any variants together. For
	* permissions that don't have own/any variants, this is can be left
	* unset. The default is the same as the permission name.
	*
	* - own_any: Indicates whether this is the "own" or the "any" variant of
	* the generic permission. Not applicable for permissions that don't
	* have own/any variants.
	*
	* - view_group: Name of the group to show the permission within on the
	* profile profile editing page.
	*
	* - scope: Either 'board' for permissions that apply at the board level,
	* or 'global' for permissions that apply everywhere.
	*
	* - group_level: Used by the predefined permission profiles to indicate
	* the minimum group level that this permission should be granted at.
	*
	* - board_level: Used by the predefined permission profiles to indicate
	* the minimum board level that this permission should be granted at.
	*
	* - hidden: If true, permission should not be shown in the UI.
	*
	* - label: Indicates the Lang::$txt string to use as the generic label for
	* this permission. Defaults to 'permissionname_' . generic_name.
	*
	* - vsprintf: Arguments passed to vsprintf() at runtime to generate the
	* finalized form of the label string.
	*
	* - never_guests: If true, this permission can never be granted to guests.
	*
	* - assignee_prerequisites: Permissions that someone must already have at
	* least one of before they can be granted this permission.
	*
	* - assigner_prerequisites: Permissions that someone must have at least
	* one of before they can grant this permission to anyone.
	*/

[dragomano]

Already interesting, but still lacks the functionality I need. I reproduced your example and this is what I got:

[Sesquipedalian]

public function permissionsList(array $permissions): void
{
	Lang::$txt['permissiongroup_light_portal'] = LP_NAME;

	\SMF\Actions\Admin\Permissions::$permission_groups['global'][] = 'light_portal';
	\SMF\Actions\Admin\Permissions::$left_permission_groups[] = 'light_portal';

	$permissions['light_portal_view'] = [
		'view_group' => 'light_portal',
		'scope' => 'global',
	];

	$permissions['light_portal_manage_pages_own'] = [
		'generic_name' => 'light_portal_manage_pages',
		'own_any' => 'own',
		'view_group' => 'light_portal',
		'scope' => 'global',
		'never_guests' => true,
	];

	$permissions['light_portal_manage_pages_any'] = [
		'generic_name' => 'light_portal_manage_pages',
		'own_any' => 'any',
		'view_group' => 'light_portal',
		'scope' => 'global',
		'never_guests' => true,
	];

	$permissions['light_portal_approve_pages'] = [
		'view_group' => 'light_portal',
		'scope' => 'global',
		'never_guests' => true,
	];
}

[dragomano]

Great, now it works as it should. However, if this hook is not added in 2.1.5, we will still have to wait for 3.0 to be released before using it. And there's a lot more code here than in those 2 previous hooks.

[Sesquipedalian]

The new hook will only appear in 3.0. The old hooks will remain available in 3.0, but they will be removed in a future version.

You know your own project better than I do, of course, so make your decisions as you see fit. 🙂

[dragomano]

I noticed one problem - in the settings, when permissions are specified in $config_vars via ['permissions', 'bla-bla-bla'], the 'never_guests' => true property does not work.

[dragomano]

The same behavior with calendar permissions:

'calendar_edit_own' => [
	'generic_name' => 'calendar_edit',
	'own_any' => 'own',
	'view_group' => 'calendar',
	'scope' => 'global',
	'group_level' => self::GROUP_LEVEL_MODERATOR,
	'never_guests' => true,
],
'calendar_edit_any' => [
	'generic_name' => 'calendar_edit',
	'own_any' => 'any',
	'view_group' => 'calendar',
	'scope' => 'global',
	'group_level' => self::GROUP_LEVEL_MAINTENANCE,
	'never_guests' => true,
],

If these permissions are inherently prohibited for assignment to guests, then why is the "Guests" item isn't hidden?

[Sesquipedalian]

That would be a bug.