2.7. Access rights

2.7.1. Idea

In LMS you may define up to 256 rules to access the system. Each can permit or deny access to defined modules. Each user can have any combination of access rules assigned to his account.

By default following access rules list is defined:

Most of them grant access to modules and two denies. Modules that user has always access are: welcome, copyrights, logout, chpasswd (chpasswd can change only own password), access to all others is defined by rules.

Note

If you don't define any access rule for user, then LMS defines 0 rule for him, which mean: full access.

2.7.2. How does it work?

Algorithm that decides whether user has access to given module or not is as following:

- First of all: checking list of modules that user always has access.
- Next: checking if module match rules in each levels user has access to.
- Finally: Decision if user is permitted to access modules. If module match to any level that denies access then access will be forbidden even if user has level that permits access to module. For example, if someone has full access and no access to "add computer" module, then he won't able to access module. If module matches level that permits access to module, then LMS will grant access to module, but if module does not match at any level then no-access-message also will be printed.

2.7.3. User-defined access rules

Advanced users can define any additional access rules or redefine existing ones. In order to do that you must make PHP script based on file lib/accesstable.php. Then set option custom_accesstable in [phpui] section to created file name.

In that way it's possible to define your own rules to allow or deny access for any modules. Module is a name of PHP file in modules directory, given without extension in access rules. For example, it's possible to define rule for invoices display (e.g. for lms-sendinvoices script) in the following way:

<?php
$access['table'][100]['name']      = 'invoices display';
$access['table'][100]['allow_reg'] = '^invoice$';
?>