scutter
Posted December 29, 2013

I've been exploring ProcessWire for the past week and really like the simplicity, power, and flexibility. The site that I plan to build will have a member login, and also a member directory. I want members to be able to view the profiles of other members, but guest should not be allowed to view the member profiles. I have a 'member' role defined and have added additional fields to the user template.

I was experimenting with the access control for the user "pages", but wasn't getting the behavior I expected. I modified the user template to allow page view for the member role, expecting all selectors to filter appropriately. When I use selectors with a path for the users like this:

    $pages->find("parent=/processwire/access/users, limit=50")

I get inconsistent results. The guest user usually ends up getting a non-empty page array, meaning it found users, even though the guest user doesn't have the member role, so should never get any users in the results. The results were fickle - some selectors worked as I expected, others didn't.

I did a similar experiment with regular pages, not the user "pages", and the results were what I expected. The results of the selector are filtered appropriately based on the role of the user executing the selector - only users with the member role got any user results.

The selector below worked consistently - guest never found any user pages since it doesn't have the member role.

    $pages->find("template=user")

and I can add roles=member to remove the admin and guest users from the results.

This is mostly a theoretical question on what's the right way to search for members, since I am also adding the member role restriction to any page that would browse or access user pages, so no non-member would ever run these selectors. But what is the "right" way to get the list of members with access control applied?

Thanks,
--Sharon

slkwrm
Posted December 29, 2013

Hi, scutter. From the first glance it seems your selector should work as expected, not sure why it doesn't. Have you tried to use $users->find("limit=50") instead of $pages? Does it make any difference?

scutter
Posted December 29, 2013

Using $users->find() also does not apply access control - when logged in as guest this returns all users.

Thanks,
--Sharon

Soma
Posted December 29, 2013

I don't think you can use the user pages to use access control for front end. User pages are special pages and I think not meant to be used as viewable pages on the front end anyway.

Since you're speaking of front end users, you just get the users the members "can view" according to some "virtual" rules and use API to list their profiles using a dedicated page/template. I.e. /users/profile/xyz and use urlSegments to control the listing.

On front end you're free to check for access and do what is needed to show or hide stuff. Your member role would also be just a guest role with only view access since they won't need or have admin access. So it's up to you to control that in your templates.

Just a dummy example.

    if($user->hasRole("member")) {
        $members = $users->find("roles=member");
        // ... output the member list here
    } else {
        echo "Sorry, you're not allowed to view.";
    }

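The approach described in the post above (a dedicated profile template driven by URL segments, with the role check done in the template), as an added example that is not part of the original thread or ProcessWire's own code. It assumes a hypothetical template file such as site/templates/profile.php with URL segments enabled, the 'member' role from the thread, and a hypothetical custom user field named 'bio'.

```php
<?php
// Added example: hypothetical template file for a front-end "profile" page
// with URL segments enabled on its template.
// Assumed names: the 'member' role from the thread and a custom 'bio' field.

// Deny by default: $users->find()/get() return users regardless of the
// viewer's role, so the check has to happen before any user lookup.
if(!$user->isLoggedin() || !$user->hasRole('member')) {
    throw new Wire404Exception(); // non-members get the same 404 for every URL
}

// Only /profile/ and /profile/<name>/ are valid; reject deeper segments.
if(strlen($input->urlSegment2)) {
    throw new Wire404Exception();
}

// Escape everything that came from a user-editable field.
$esc = function($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

if(strlen($input->urlSegment1)) {
    // Single profile: reduce the segment to page-name characters before it
    // goes into a selector, and restrict the match to the member role so
    // superuser and guest accounts cannot be looked up by name.
    $name = $sanitizer->pageName($input->urlSegment1);
    $member = strlen($name) ? $users->get("name=$name, roles=member") : null;
    if(!$member || !$member->id) {
        throw new Wire404Exception();
    }
    echo "<h1>" . $esc($member->name) . "</h1>";
    echo "<p>" . $esc($member->bio) . "</p>";
} else {
    // Directory listing: members only, paged.
    $members = $users->find("roles=member, sort=name, limit=50");
    echo "<ul>";
    foreach($members as $member) {
        $url = $page->url . $member->name . "/";
        echo "<li><a href='" . $esc($url) . "'>" . $esc($member->name) . "</a></li>";
    }
    echo "</ul>";
}
```

Returning a 404 instead of an "access denied" message keeps the response identical for existing and non-existing member names when the viewer is not a member.
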