MODX :: NewsPlublisher - how to allow to edit doc only for the users that created them?

154

lx Reply #1, 8 months, 2 weeks ago

Link to this post#1

Hello,
Please advice me ...

In one folder I will enable webusers to create documents (in frontend with NewsPublisher). There is no problem with it.
But then I want to make this restriction, so that loged webusers can edit only documents that they created - and don't have any idea how to do it....
I'm running Revo 2.1.3 & newspublisher 1.2.0

11,692

PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!

MODx info for everyone: http://bobsguides.com/MODx.html

BobRay Reply #2, 8 months, 2 weeks ago

Link to this post#2

I can't think of an easy way to do that. I haven't tested this, but it might work. Put a snippet at the top of the NewsPublisher page with this content:

if (isset($_POST['np_existing']) && $_POST['np_existing'] == 'true') {
   $res = $modx->getObject('modResource', $_POST['np_doc_id'] );
   if ($res && $mod->user) {
      if ($modx->user->get('id') != $res->get('createdby') ) {
         return ('Sorry -- Not your Document');
         /* or your could forward the user somewhere */
         $modx->sendRedirct('Url/to/other/page');
      }
   }
}

26

Web and Graphic Design - more info at http://www.vidamedia.es

dantarifa Reply #3, 6 months, 1 week ago

Link to this post#3

Hi BobRay,
Did you ever test this out or take this further? I really want to be able to do the following:
when a front-end user logs in

show them a list of the resources they created
allow them to edit/delete those resources
allow them to create new resources (this part seems to be no problem with NewsPublisher)

I have finally made the switch to Revo and my first project on the new platform is a tricky one! I take it that if I get as far as listing the resources that the user owns then I can use the snippet you posted above on the view resource page but I would really appreciate if you could point me in the right direction as to listing the resources that the user owned.
Maybe this is more a getresource question than a NewsPublisher one....need to pass a parameter to getresource to retrieve only docuemnts where 'createdby' => '$authorid' ?

11,692

PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!

MODx info for everyone: http://bobsguides.com/MODx.html

BobRay Reply #4, 6 months, 1 week ago

Link to this post#4

I've never had the need to use it.

Showing the users a list of their resources is fairly easy with a custom snippet and you could put an "Edit" button next to each one that would let them edit the pages using the NpEditThisButton snippet. This will get their resources:

<?php
$resources = $modx->user->getMany('CreatedResources'); 
foreach($resources as $resource) {
    $pagetitle = $resource->get('pagetitle');
    $output = '<br /'> . $pagetitle .  ' [[!NpEditThisButton? &np_edit_id=`' .  $resource->get('id') . '`]]'; 
}
return $output;

You'll have to alter the NpEditThisButton button.css file to prevent the absolute positioning of the button (otherwise, all the buttons will be in the same spot and you'll just see the top one).

Putting the snippet from my earlier post on each page will kick out any users who guess the URL but didn't create the resource.

If you set all new resources to be hidden from menus and the users won't be inside the Manager, you shouldn't need to mess with the permission system.

26

Web and Graphic Design - more info at http://www.vidamedia.es