Join Now

Click here to join our
growing community:

JOIN LOGIN



Docs

Welcome Tour
Handbook
      Markups
      Variables
      Conditions
      Functions
      Forms
      Commands
      Concepts
Extensions
Pro Modules
Developers



Copyright © 2020
Terms of Use
Privacy Policy
BoltWire

Handbook

Groups

This command/function updates and returns the groups of the current member. To generate a list, simply do this:

[(groups)]

The output looks exactly like the {groups} variable--but memberships actually scans all the group pages in your site and updates your groups list. Normally, group memberships are set when you login, and cleared when you logout. When a person is added to or dropped from a group, those new permissions do not go into effect until they log out and back in. Actually, login just calls this function once their credentials are validated. But this function allows you to call it directly.

Note: To update a user's groups without generating output, put output=false in the function.

You can also see what groups another member is in by setting the id parameter. For example:

[(search group=member fmt='{+p}: <(groups id={+p})>')]

This function will generate a list of all your member ids followed by the groups they are in.

Groups and Permissions

Group pages are simple pages containing lists of member ids (separated by line breaks). To make someone an admin, add their id to the page group.admin. To make someone an editor, add them to group.editor. You can create as many group pages as you like and assign any member to any group.

Permissions for most site activity is controlled by authorization pages. View permission is controlled by site.auth.view. Write permission is controlled by site.auth.write. There are also auth pages for data, info, upload and mail, and you can create as many more as you like. These pages contain a list of lines similar to the following:

test*: bob,jane,@chessclub,@editor

If this were on site.auth.view, it would mean bob and jane are authorized to view any pages beginning with "test", as well as all members of the chessclub and editor groups. No one else. When checking permissions, BoltWire always uses the most specific settings possible. The default write permissions page, for example, includes the following lines:

group*: @editor
group.admin: @admin

This means editors can change most group pages, but group.admin can only by modified by admins. Admins are a special case in BoltWire, that inherit editor permissions automatically.

Note: The data auth page, grants authorization to fields rather than pages, and specifies who can read them. This allows you to protect passwords and email values, for example. To save a data value you must be able to read the field AND write to the page it is on.

Special Groups

There are a number of special groups in BoltWire. These are listed below:

Superadmin
This user is defined in index.php, and automatically given admin status. Their name does not have to be on page group.admin, nor can their admin status be taken away by removing their name. The {superadmin} status returns the id of this user.

Admin
Admins have the broadest permissions in BoltWire. Grant these sparingly. Admins are automatically granted editor status as well.

Editor
Editors have extensive permissions by default in BoltWire. Admin's and Editor's are the only groups that can create working forms in BoltWire--so only extend this group to trusted users. If you have volunteers who help keep your site edited, join them to some new group and give that group edit permissions. This will prevent your volunteers from being able to create live forms.

Owner
There is a built in @owner group which is generated whenever it is checking an authorization for page member.id. By default it is only used in the data auth page, to allow users to access their email and password, without letting them retrieve those fields on other member pages. It could be used to allow view or write permissions to a person's own member page. It would not include any child pages. Nor can it be used in any other hierarchies

Member
All logged in users are automatically added to this group.

Guest
All users, whether logged in or not, are added to this group.

You can create as many additional groups and as many authorization types as you wish. You can also create special temporary memberships to allow users to perform actions they would not normally be able to do. For more information, see the authkey command.

Join and Drop

The command variable differs from the function in that you can include a join or drop parameter, and modify the actual group lists. To add Bob to the chessclub group, simply use this form:

[form]
Join the Chessclub!
[submit]
[command groups id=bob join=chessclub]
[form]

When the user clicks the button, the id 'bob' is added to group.chessclub. (It defaults to the current user). Note that this form assumes the user has write permissions for group.chessclub page, in which case it migh be just as easy to add bob's name to the page directly. But suppose you wanted to allow users to join themselves to a group:

[form]
Join the Chessclub!
[submit]
[command authkey join]
[command groups id={id} join=chessclub]
[form]

Then on site.auth.write, add @key_join to the group.chessclub setting. Basically, the authkey system allows this form to write to the specified group page, even though the user may not have normal write permissions.

To drop an id from the group, simply change join=chessclub to drop=chessclub.

If a member joins the chessclub using the groups command, their permissions will be updated automatically--just as with the function.

The Groups Action

BoltWire comes with a built in groups action that is worth studying. It actually functions in two modes. If you call it directly, you can create new groups, view the members currently in each group, or delete a group. If you call it from a member page (by linking to member.bob&action=groups), it generates a list of available groups, and allows you to join them to or drop them from a group. Here is the form that does this:

[form]
[(search group=group fmt='[radio group {+p2}] {+p2}')]

[submit JOIN] [submit DROP]
[command if "submit JOIN ? join={=group} : drop={=group}"]
[command groups id={p2} join={=join} drop={=drop}]
[command nextpage {p}&action=groups]
[form]

The if command assigns a value to join or drop depending on which button they clicked. Then that value is inserted into the appropriate place in the groups command. Note that either join or drop will have a null value, which BoltWire will ignore. The groups function is also called on the page to display the current groups of the specified user. If a member is updating their own account, their permissions will be updated instantly as well.

If they do not have proper write permissions, a warning will be returned. By default, only editors can write to group pages.

Note: This command/function was formerly called "memberships". That is being deprecated, and all users are urged to update their sites. Both groups and memberships work exactly the same, but memberships will be disabled after another release or two.