Manually overriding ACL for plugin record?

We are currently developing a small plugin for Omeka Classic that adds functionality for adding omeka users into user groups. This is because we want to show the same same user profile for multiple users in our exhibits.

Our plugin currently uses two database tables, one stores the groups (name, info etc) and one holds the affiliated users (user_id, group_id).

One feature we’re planning is that all users belonging to a specific group should be able to edit that groups details. But how could we manage this? The group records currently has no owner and so the usual actions like “edit” and “delete” will not work since the ACL cannot assert ownership?

And tips or thoughts about the best way to solve this? Is there a way to manually override Omeka_Acl_Assert_Ownership or something similar?

You’ll probably want to use the define_acl hook to create a resource and permissions for that resource. Then you tie your resource to your model with the Zend_Acl_Resource_Interface. It is possible to use a Zend assertion when defining the ACL to check if the user belongs to the correct group when editing your record.

I have a somewhat related plugin to assign users to specific ExhibitBuilder exhibits that may be of help to see how it is all set up.

1 Like

Yeah, just generally, there’s nothing really “special” about the “Ownership” assertion; you can write your own assert class that runs off whatever data/logic you want it to. We just use Ownership internally because we have many different kinds of resources that all have similar rules about who should be able to edit/delete/etc. them.

1 Like

Perfect! I used your plugins assertion as a boilerplate and got everything working as intended. Thanx for sharing!