Hi Ryan,
Thank you very much for your reply. I bet you are an extremely busy man and I appreciate taking time to answer my questions.
Yes, you are right, I'm looking for a framework and as I mentioned in my previous post, I tried several CMFs and even though they are extremely flexible, when it comes to very customized applications only you realize their limitations.
Just looking through the PW's API documentation, it seems to be able to do most of the things I want, but I only have to find the right flow.
I want strip down the structure I posted before and have the following scenarios:
1. StudentX is a simple page with the following fields:
--title
--author (a hidden field to show the relationship with UserX)
--content->a textarea field
UserX is already registered and he loges in to edit his page. He has permission only to edit his own page and nothing else.
What will be the security concerns in this case if we allow the UserX to edit StudentX page in the Backend?
2. UserY is not registred yet.
He accesses the Registration form and StudentY page is created and he's redirected to that page and he will be able to add the content of the page.
Probably the Registration Form is not that difficult to create. Just create a template and add the right Processes to it. Right?
The biggest problem is the Editing. How can I accomplish that in the Frontend?
Diogo posted this chunk of code
if($user->name === $page->name){
echo "you are allowed ";
}else{
echo "you are NOT allowed ";
}
Can you elaborate a bit? What should I add in the "you are allowed case"?
And I was thinking that the condition should be in my case
if($user->name === $page->author){
echo "you are allowed ";
}else{
echo "you are NOT allowed ";
}
because I don't see the logic in user and page name to be the same.
Thanks again! And I hope you'll have time to help me with more advises concerning this application.