Skip to main content

Authentification checker

The Auth loop perform authorisation checks against the current user. This loop returns nothing if the authorization fails, or the loop contents if it succeeds.
You may check in the front office if an administrator is logged in, and perform specific functions in your front-office template (such as direct editing, for example).
{loop type="auth" name="the-loop-name" [argument="value"], [...]}

Arguments

ArgumentDescriptionDefaultExample
accessA comma separated list of access, . If empty or missing, the authorization is checked against the roles only
Expected values
moduleA comma separated list of modules
resourceA comma separated list of resources
role *A comma separated list of user rolesrole="ADMIN" or can be role="CUSTOMER"

Examples

I want to check if current administrator is allowed tu use the back-office search function.

{loop type="auth" name="can_create" role="ADMIN" resource="admin.administrator" access="CREATE"}
<a title="{intl l='Create a new administrator'}" href="#administrator_create_dialog" data-toggle="modal">
<span class="glyphicon glyphicon-plus"></span>
</a>
{/loop}

The role is ADMIN, which mean that the current user should have the "ADMIN" role. The permission is "admin.administrator", which is the identifier of the administrator permission. According to the access attribute, the current user should have the CREATE permission. I want to check if the customer is logged in, or not.

{loop type="auth" name="customer_info_block" role="CUSTOMER"}
<p>Your are logged in. <a href="{viewurl view='index' action='logoutCustomer'}">Logout</a></p>
{/loop}

{elseloop rel="customer_info_block"}
You are not logged in. <a href="{viewurl view='login'}">Login now</a> or <a href="{viewurl view='create_account'}">create your account</a>
{/elseloop}

Access possible values

Arguments

value
CREATE
DELETE
UPDATE
VIEW