Posted on: 04/13/03 08:41pm
By: Candi
I've created a custom group called Authors with permissions different than any others. Is there any way that I can make it so that only members of the same group, Authors, can view others' user profiles? I don't want visitors or even logged in users to be able to send email to my members unless I've assigned them to this particular group.
Thanks again for such an AWESOME application. I am in LOVE with Geeklog. Haven't been able to leave it alone for 72 hours now. ;-)
group permissions
Posted on: 04/14/03 01:05am
By: Blaine
I don't believe there is a way wihout putting a hook into users.php where the profile is called up.
It would be a quick hack to add a test such as
if (SEC_inGroup('MyGroup')) {
... then view profile
} else {
... some message
}
group permissions
Posted on: 04/14/03 01:31am
By: Candi
Hmmm... I'm not good at hacking unless it's super specific. Haha.
So if the code in users.php is this:
function userprofile($user)
{
global $_TABLES, $_CONF, $_USER, $LANG04, $LANG01, $LANG_LOGIN, $_GROUPS;
if (empty ($_USER['username']) &&
(($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
$retval .= COM_startBlock($LANG_LOGIN[1]);
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file (array ('login'=>'submitloginrequired.thtml'));
$login->set_var ('login_message', $LANG_LOGIN[2]);
$login->set_var ('site_url', $_CONF['site_url']);
$login->set_var ('lang_login', $LANG_LOGIN[3]);
$login->set_var ('lang_newuser', $LANG_LOGIN[4]);
$login->parse ('output', 'login');
$retval .= $login->finish ($login->get_var('output'));
$retval .= COM_endBlock();
return $retval;
}
Where would I put
if (SEC_inGroup('Authors'))
? Could you give me a search and replace or add in to test?
group permissions
Posted on: 04/14/03 02:01am
By: rawdata
Find this section of code in the function userprofile located in users.php:
$result = DB_query("SELECT username,fullname,regdate,homepage,about,pgpkey,photo FROM {$_TABLES['userinfo']},{$_TABLES["users"]} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user"
;
$nrows = DB_numRows($result);
if ($nrows == 0) { // no such user
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
Add this little code snippet immediately below that section:
if (SEC_inGroup('Authors',$user)) {
if (!SEC_inGroup('Authors',$_USER['uid'])) {
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
}
This will limit profile viewing of those in the "Authors" group only by members of that same group. Anyone else can still view profiles but will be taken back to the main page if he tries to access the profile of someone belonging to "Authors".
group permissions
Posted on: 04/14/03 02:19am
By: rawdata
On second thought, put that little snippet right below this line:
global $_TABLES, $_CONF, $_USER, $LANG04, $LANG01, $LANG_LOGIN, $_GROUPS;
and above this section of code in function userprofile:
if (empty ($_USER['username']) &&
(($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
$retval .= COM_startBlock($LANG_LOGIN[1]);
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file (array ('login'=>'submitloginrequired.thtml'));
$login->set_var ('login_message', $LANG_LOGIN[2]);
$login->set_var ('site_url', $_CONF['site_url']);
$login->set_var ('lang_login', $LANG_LOGIN[3]);
$login->set_var ('lang_newuser', $LANG_LOGIN[4]);
$login->parse ('output', 'login');
$retval .= $login->finish ($login->get_var('output'));
$retval .= COM_endBlock();
return $retval;
}
This will save you a database call. If you require logging in to access profiles, the visitor won't be wasting his time logging in only to find out he can't view a profile for someone in that Group. The snippet does a page redirect, but you can add an error message if you want.
group permissions
Posted on: 04/25/03 08:49pm
By: Candi
Oh, you rock. That worked wonderfully. Thank you so much! :-)