Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 11:46 am EDT

Geeklog Forums

group permissions


Status: offline

Candi

Forum User
Junior
Registered: 04/13/03
Posts: 15
I've created a custom group called Authors with permissions different than any others. Is there any way that I can make it so that only members of the same group, Authors, can view others' user profiles? I don't want visitors or even logged in users to be able to send email to my members unless I've assigned them to this particular group. Thanks again for such an AWESOME application. I am in LOVE with Geeklog. Haven't been able to leave it alone for 72 hours now. ;-)
 Quote

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
I don't believe there is a way wihout putting a hook into users.php where the profile is called up. It would be a quick hack to add a test such as if (SEC_inGroup('MyGroup')) { ... then view profile } else { ... some message }
Geeklog components by PortalParts -- www.portalparts.com
 Quote

Status: offline

Candi

Forum User
Junior
Registered: 04/13/03
Posts: 15
Hmmm... I'm not good at hacking unless it's super specific. Haha.

So if the code in users.php is this:

function userprofile($user) { global $_TABLES, $_CONF, $_USER, $LANG04, $LANG01, $LANG_LOGIN, $_GROUPS; if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) { $retval .= COM_startBlock($LANG_LOGIN[1]); $login = new Template($_CONF['path_layout'] . 'submit'); $login->set_file (array ('login'=>'submitloginrequired.thtml')); $login->set_var ('login_message', $LANG_LOGIN[2]); $login->set_var ('site_url', $_CONF['site_url']); $login->set_var ('lang_login', $LANG_LOGIN[3]); $login->set_var ('lang_newuser', $LANG_LOGIN[4]); $login->parse ('output', 'login'); $retval .= $login->finish ($login->get_var('output')); $retval .= COM_endBlock(); return $retval; }

Where would I put

if (SEC_inGroup('Authors'))

? Could you give me a search and replace or add in to test?

 Quote

Status: offline

rawdata

Forum User
Full Member
Registered: 02/17/03
Posts: 236
Find this section of code in the function userprofile located in users.php: $result = DB_query("SELECT username,fullname,regdate,homepage,about,pgpkey,photo FROM {$_TABLES['userinfo']},{$_TABLES["users"]} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user"Wink; $nrows = DB_numRows($result); if ($nrows == 0) { // no such user return COM_refresh ($_CONF['site_url'] . '/index.php'); } $A = DB_fetchArray($result); Add this little code snippet immediately below that section: if (SEC_inGroup('Authors',$user)) { if (!SEC_inGroup('Authors',$_USER['uid'])) { return COM_refresh ($_CONF['site_url'] . '/index.php'); } } This will limit profile viewing of those in the "Authors" group only by members of that same group. Anyone else can still view profiles but will be taken back to the main page if he tries to access the profile of someone belonging to "Authors".
 Quote

Status: offline

rawdata

Forum User
Full Member
Registered: 02/17/03
Posts: 236
On second thought, put that little snippet right below this line: global $_TABLES, $_CONF, $_USER, $LANG04, $LANG01, $LANG_LOGIN, $_GROUPS; and above this section of code in function userprofile: if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) { $retval .= COM_startBlock($LANG_LOGIN[1]); $login = new Template($_CONF['path_layout'] . 'submit'); $login->set_file (array ('login'=>'submitloginrequired.thtml')); $login->set_var ('login_message', $LANG_LOGIN[2]); $login->set_var ('site_url', $_CONF['site_url']); $login->set_var ('lang_login', $LANG_LOGIN[3]); $login->set_var ('lang_newuser', $LANG_LOGIN[4]); $login->parse ('output', 'login'); $retval .= $login->finish ($login->get_var('output')); $retval .= COM_endBlock(); return $retval; } This will save you a database call. If you require logging in to access profiles, the visitor won't be wasting his time logging in only to find out he can't view a profile for someone in that Group. The snippet does a page redirect, but you can add an error message if you want.
 Quote

Status: offline

Candi

Forum User
Junior
Registered: 04/13/03
Posts: 15
Oh, you rock. That worked wonderfully. Thank you so much! :-)
 Quote

All times are EDT. The time is now 11:46 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content