#2354 1.9.2 ability to override standard access rule per area/room

[Thomas S.]

Hi

MRBS version: 1.9.2 (svn branch for ldap-groups)

This is related to:
https://sourceforge.net/p/mrbs/support-requests/2314/?page=1

It would be nice if you can make the default access rule configurable per Area. In my use case i need the following for an area

-logged in users -> read
-users in a special ldap group (via a role) -> write

I was able to achieve this by modifying

lib/MRBS/Area.php

  public function getDefaultRule($user)
  {
    // Every area except one has the default permissions
    if ($this->id != 7)  // or whatever the id of your area is
    {
      return parent::getDefaultRule($user);
    }

    // The special area has restricted permissions
    $result = new AreaRule();

    $result->state = $result::GRANTED;

    if (!isset($user) || empty($user->level))
    {
      $result->permission = $result::READ;
    }
    elseif ($user->isAdmin())
    {
      $result->permission = $result::ALL;
    }
    else
    {
      // Modified from the standard WRITE
      $result->permission = $result::READ;
    }

    return $result;
  }

This is needed because the system-wide default access rule is
-logged in users -> write

It would be even better to make this inheritable and overridable from area -> room

So if an area has 5 rooms, 4 of them could have a different default access rule and the 5th has the system-wide default access rule

Best,
Thomas