select box TV corresponding to user group rights

97 Posts

sspind Reply #1, 8 years ago

Thanks to the article "creating a multi-select-box" I can get my list options out of the ressource pagetitle for newspublisher entries. This works fine for me!
I tried to alter the snippet to group dependance and by checking some ressources to "limited" ([[*description]] - Text == "eingeschraenkt", which means "limited").
Due to my still weak snipped knowlege I think I have some issues in it. Could you give that a check, please, maybe this isnt the right way, to solve it:

//get current logged in user
$c = $modx->newQuery('modUser', array('internalKey' => $currentUser,));

// get member group id of logged in user
$c->innerJoin ('modUserGroupMember','UserGroupMembers');
$c->innerJoin ('modUserGroup','UserGroup','`UserGroupMembers`.`user_group` = `UserGroup`.`id`');

// get user-array together, 8,9 are "superuser" groups

$c->select(array(

    'modUserGroupMembers.*'

));

$c->where(array(

    'UserGroupMembers.user_group:IN' => array('8','9') //user groups with full listing rights

));

$users = $modx->getCollection("modUser",$c);

//copied script - part, article "creating a multi-select-box",  working
$parent = $modx->getOption('parent',$scriptProperties,47);

$parentObj = $modx->getObject('modResource',$parent);

if (!($parentObj instanceof modResource)) { return ''; }

$resArray = $parentObj->getMany('Children');

$resources = array();

foreach($resArray as $res) {

  if ($res instanceof modResource) {

//addition to working code - check if user is in 'superlevel' group by checking if $ user !=null AND if ressource is limited by marker (marker: [[*description]] == 'eingeschraenkt')

if (($res->get('description')!= "eingeschraenkt") && ($users != null) )

{
//finish addition
  $resources[] = $res->get('pagetitle') . '==' . $res->get('id');
// closing brake
}

  }

}

$out = implode("||",$resources);

return $out;

This question has been answered by multiple community members. See the first response.

97 Posts

sspind Reply #2, 8 years ago

I get out an error:

[2016-04-13 11:46:43] (ERROR @ /index.php) Error 42000 executing statement:
Array
(
[0] => 42000
[1] => 1064
[2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND `UserGroupMembers`.`user_group` IN ('8','9') )' at line 1
)

discuss.answer

5,888 Posts

Bruno17 Reply #3, 8 years ago

isn't it something like that, what you want?

<?php

$superusergroups = $modx->getOption('superusergroups', $scriptProperties, '8,9');
$parent = $modx->getOption('parent', $scriptProperties, 47);

$superusergroups = explode(',', $superusergroups);
$groups = $modx->user->getUserGroups();

$has_permission = false;
foreach ($superusergroups as $group) {
    if (in_array($group, $groups)) {
        $has_permission = true;//user is in one of the superusergroups
    }
}

$resources = array();
if ($has_permission && $parentObj = $modx->getObject('modResource', $parent)) {
    $c = $modx->newQuery('modResource');
    $c->where(array('description:!=' => 'eingeschraenkt'));

    if ($resArray = $parentObj->getMany('Children', $c)) {
        foreach ($resArray as $res) {
            if ($res instanceof modResource) {
                $resources[] = $res->get('pagetitle') . '==' . $res->get('id');
            }
        }
    }
}

$out = implode("||", $resources);

return $out;

and why not putting the 'eingeschraenkt' resources into a resourcegroup and get only resources, which aren't in a 'eingeschraenkt' resource-group, instaed of using the description-field for that.

-------------------------------

you can buy me a beer, if you like MIGX

http://webcmsolutions.de/migx.html

Thanks!

97 Posts

sspind Reply #4, 8 years ago

Thank you Bruno, for your script.
I think it is a little bit different because I dont want to preselect users by superusergroup and ressource - description "eingeschraenkt". It depends on the editor, who visits the page and his rights, which options he sees. Your idea about resource-group is more than reasonable so I added the ressource group "Profikurs". This is the modyfied script, which seems to have an issue again:

<?php
$superusergroups = $modx->getOption('superusergroups', $scriptProperties, '8,9');
$parent = $modx->getOption('parent', $scriptProperties, 47);
 
$superusergroups = explode(',', $superusergroups);
$groups = $modx->user->getUserGroups();
 
$has_permission = false;
$accepted = false; //see below

foreach ($superusergroups as $group) {
    if (in_array($group, $groups)) {
        $has_permission = true;//user is in one of the superusergroups
    }
}


$resources = array();
if ($parentObj = $modx->getObject('modResource', $parent)) {
    $c = $modx->newQuery('modResource');


    if ($resArray = $parentObj->getMany('Children', $c)) {
        foreach ($resArray as $res) {


            if ($res instanceof modResource) {

			//Getting group of Ressource
			$rgrouplist = $res->getGroupsList();
			$rgroups = array();
 
		foreach ($rgroupslist['collection'] as $rgroup) {

		if ($resource->isMember($rgroup->get('Profikurs'),false) //Ressource is not Member of Ressourcegroup "Profikurs", so listing is always allowed and not dependend on rights.
		{
		$accepted = true; //set accepted to true
		}
		else if ($resource->isMember($rgroup->get('Profikurs')) && $has_permission) {
        // do something
		$accepted = true;
   		 }
		 else
		 {
		$accepted = false;
		 }


	}

} 		if ($accepted) { 
                $resources[] = $res->get('pagetitle') . '==' . $res->get('id');
		$accepted = false; //reset accepted to false
				}
            }
        }
    }
}
 
$out = implode("||", $resources);
 
return $out;

5,888 Posts

Bruno17 Reply #5, 8 years ago

Since getCollection on modResource is checking for load-permissions and if you have resources now added to resource-groups and usergroups to resource-groups with proper permissions(load) this should just work:

$parent = $modx->getOption('parent', $scriptProperties, 47);

$resources = array();
if ($collection = $modx->getCollection('modResource',array('parent' => $parent)){
    foreach ($collection as $res){
        $resources[] = $res->get('pagetitle') . '==' . $res->get('id');    
    }
}

$out = implode("||", $resources);
  
return $out;

-------------------------------

you can buy me a beer, if you like MIGX

http://webcmsolutions.de/migx.html

Thanks!

97 Posts

sspind Reply #6, 8 years ago

I changed that and sanitized the script but there seems to be a mistake in row 29 foreach: Something with the groupslist() argument:

<?php
$superusergroups = $modx->getOption('superusergroups', $scriptProperties, '8,9');
$parent = $modx->getOption('parent', $scriptProperties, 47);
  
$superusergroups = explode(',', $superusergroups);
$groups = $modx->user->getUserGroups();
  
$has_permission = false;
$accepted = false; //see below
 
foreach ($superusergroups as $group) {
    if (in_array($group, $groups)) {
        $has_permission = true;//user is in one of the superusergroups
    }
}
 
 
$resources = array();
if ($collection = $modx->getCollection('modResource',array('parent' => $parent))){

        foreach ($collection as $res){
 
            if ($res instanceof modResource) {
 
            //Getting group of Ressource
            $rgrouplist = $res->getGroupsList();
            $rgroups = array();
  
        foreach ($rgroupslist['collection'] as $rgroup) {
 
        if ($resource->isMember($rgroup->get('Profikurs'),false)) //Ressource is not Member of Ressourcegroup "Profikurs", so listing is always allowed and not dependend on rights.
        {
        $accepted = true; //set accepted to true
        }
        else if ($resource->isMember($rgroup->get('Profikurs')) && $has_permission) {
        // do something
        $accepted = true;
         }
         else
         {
        $accepted = false;
         }
 
 
    }
 
}       if ($accepted) { 
                $resources[] = $res->get('pagetitle') . '==' . $res->get('id');
        $accepted = false; //reset accepted to false
                }
            }
        }
    

  
$out = implode("||", $resources);
  
return $out;

?>

5,888 Posts

Bruno17 Reply #7, 8 years ago

ok, if you want todo it this way, then try this:

<?php

$superusergroups = $modx->getOption('superusergroups', $scriptProperties, '8,9');
$parent = $modx->getOption('parent', $scriptProperties, 47);

$superusergroups = explode(',', $superusergroups);
$groups = $modx->user->getUserGroups();

$has_permission = false;
$accepted = false; //see below

foreach ($superusergroups as $group) {
    if (in_array($group, $groups)) {
        $has_permission = true; //user is in one of the superusergroups
    }
}


$resources = array();
if ($collection = $modx->getCollection('modResource', array('parent' => $parent))) {

    foreach ($collection as $res) {
        if ($res instanceof modResource) {
            if ($res->isMember('Profikurs')) {
                if ($has_permission) {
                    $accepted = true;
                }
            } else {
                $accepted = true;
            }
        }

        if ($accepted) {
            $resources[] = $res->get('pagetitle') . '==' . $res->get('id');
        }
        $accepted = false; //reset accepted to false
    }
}


$out = implode("||", $resources);

return $out;

?>

but if you had setup your resourcegroups/usergroups/context-permissions properly, you dont't need all that stuff and getCollection alone should do what you want.

-------------------------------

you can buy me a beer, if you like MIGX

http://webcmsolutions.de/migx.html

Thanks!

97 Posts

sspind Reply #8, 8 years ago

With this script above now I get a server error without any log information. php-script is sanitized well.

The two super-usergroups (8,9) are setup with ressource-group-access to "Profikurs", guideline: Context; context: web - which should work for newspublisher output (and has worked before). At least the options without any restrictions should show up. Whats wrong?

Additionally the "Profikurs" - ressources do not show up for anonymous usergroup (simple visitors) although they have "Load, List and view" access to the group. [ed. note: sspind last edited this post 8 years ago.]

5,888 Posts

Bruno17 Reply #9, 8 years ago

I've thought the Profikurs - Resources should only be shown for 'superusers' ?
Did you try the corrected version above or the one, which you got with the notify-email?

-------------------------------

you can buy me a beer, if you like MIGX

http://webcmsolutions.de/migx.html

Thanks!

97 Posts

sspind Reply #10, 8 years ago

No, sorry, its a little bit more complicated:

"Thanks to the article "creating a multi-select-box" I can get my list options out of the ressource pagetitle for newspublisher entries."

The resources themselves should show up publically but the pagetitles should show up in the list fields of a Newspublisher form after the rights (superuser, Profikurs, .. ) as I mentioned.

I used your last script above.

Thanks Bruno, I dont know what do do without your help.

Answered select box TV corresponding to user group rights