NewsPlublisher - how to allow to edit doc only for the users that created them?

221 Posts

Hello,
Please advice me ...

In one folder I will enable webusers to create documents (in frontend with NewsPublisher). There is no problem with it.
But then I want to make this restriction, so that loged webusers can edit only documents that they created - and don't have any idea how to do it....
I'm running Revo 2.1.3 & newspublisher 1.2.0

Lucas from AroundCyprus.net

24,544 Posts

BobRay Reply #2, 12 years, 7 months ago

I can't think of an easy way to do that. I haven't tested this, but it might work. Put a snippet at the top of the NewsPublisher page with this content:

if (isset($_POST['np_existing']) && $_POST['np_existing'] == 'true') {
   $res = $modx->getObject('modResource', $_POST['np_doc_id'] );
   if ($res && $mod->user) {
      if ($modx->user->get('id') != $res->get('createdby') ) {
         return ('Sorry -- Not your Document');
         /* or your could forward the user somewhere */
         $modx->sendRedirct('Url/to/other/page');
      }
   }
}

[ed. note: BobRay last edited this post 12 years, 7 months ago.]

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

50 Posts

dantarifa Reply #3, 12 years, 5 months ago

Hi BobRay,
Did you ever test this out or take this further? I really want to be able to do the following:
when a front-end user logs in

show them a list of the resources they created
allow them to edit/delete those resources
allow them to create new resources (this part seems to be no problem with NewsPublisher)

I have finally made the switch to Revo and my first project on the new platform is a tricky one! I take it that if I get as far as listing the resources that the user owns then I can use the snippet you posted above on the view resource page but I would really appreciate if you could point me in the right direction as to listing the resources that the user owned.
Maybe this is more a getresource question than a NewsPublisher one....need to pass a parameter to getresource to retrieve only docuemnts where 'createdby' => '$authorid' ?

http://www.valdelama.com

24,544 Posts

BobRay Reply #4, 12 years, 5 months ago

I've never had the need to use it.

Showing the users a list of their resources is fairly easy with a custom snippet and you could put an "Edit" button next to each one that would let them edit the pages using the NpEditThisButton snippet. This will get their resources:

<?php
$resources = $modx->user->getMany('CreatedResources'); 
foreach($resources as $resource) {
    $pagetitle = $resource->get('pagetitle');
    $output = '<br /'> . $pagetitle .  ' [[!NpEditThisButton? &np_edit_id=`' .  $resource->get('id') . '`]]'; 
}
return $output;

You'll have to alter the NpEditThisButton button.css file to prevent the absolute positioning of the button (otherwise, all the buttons will be in the same spot and you'll just see the top one).

Putting the snippet from my earlier post on each page will kick out any users who guess the URL but didn't create the resource.

If you set all new resources to be hidden from menus and the users won't be inside the Manager, you shouldn't need to mess with the permission system.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

50 Posts

dantarifa Reply #5, 12 years, 5 months ago

Thanks BobRay! I'm looking forward to setting this up and getting to grips with Revo. I really appreciate your help.

http://www.valdelama.com

24,544 Posts

BobRay Reply #6, 12 years, 5 months ago

Don't thank me until it works. wink

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

50 Posts

fab Reply #7, 11 years, 8 months ago

Hi all, don't know if you got a good solution. Try this one;

[[!Profile]]
[[!If? &subject=`[[+username]]` &operator=`EQ` &operand=`[[*createdby:userinfo=`username`]]` &then=`[[!NpEditThisButton? &np_id=`[[*NpId]]` ]]`
&else=``
]]

This solution works for me but I don't know how to control user to be able to access to the assets folder that they created. Anyone have a solution?

http://www.fabwebdesign.com.au

24,544 Posts

BobRay Reply #8, 11 years, 8 months ago

Nice solution. I think you might be able to use Media Sources to limit users to their own assets directories, but I've never tried it.

------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using.
MODX info for everyone: http://bobsguides.com/modx.html

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

50 Posts

fab Reply #9, 11 years, 8 months ago

Hi Bob,

I tried to set

basePath = assets/uploads/[[++id]]/

but didn't work. Any idea? [ed. note: fab last edited this post 11 years, 8 months ago.]

http://www.fabwebdesign.com.au

☆ A M B ☆
24,524 Posts

sottwell Reply #10, 11 years, 8 months ago

That would indicate a system-setting of id; do you mean the ID of the user, or the ID of the resource?

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org