Creating a selector for members/users


scutter
I've been exploring ProcessWire for the past week and really like the simplicity, power, and flexibility. The site that I plan to build will have a member login, and also a member directory. I want members to be able to view the profiles of other members, but guests should not be allowed to view the member profiles. I have a 'member' role defined and have added additional fields to the user template.

I was experimenting with the access control for the user "pages", but wasn't getting the behavior I expected.  I modified the user template to allow page view for the member role, expecting all selectors to filter appropriately.  When I use selectors with a path for the users like this:

  $pages->find("parent=/processwire/access/users,  limit=50")

I get inconsistent results. The guest user usually ends up getting a non-empty page array, meaning it found users, even though the guest user doesn't have the member role, so should never get any users in the results. The results were fickle - some selectors worked as I expected, others didn't.

I did a similar experiment with regular pages, not the user "pages", and the results were what I expected. The results of the selector are filtered appropriately based on the role of the user executing the selector - only users with the member role got any user results.

The selector below worked consistently - guest never found any user pages since it doesn't have the member role.

  $pages->find("template=user")

and I can add roles=member to remove the admin and guest users from the results.

This is mostly a theoretical question on what's the right way to search for members, since I am also adding the member role restriction to any page that would browse or access user pages, so no non-member would ever run these selectors. But what is the "right" way to get the list of members with access control applied?

Thanks,

  --Sharon

I don't think you can use the user pages to use access control for front end. User pages are special pages and I think not meant to be used as viewable pages on the front end anyway.

Since you're speaking of front end users, you just get the users the members "can view" according to some "virtual" rules and use API to list their profiles using a dedicated page/template. I.e. /users/profile/xyz and use urlSegments to control the listing.

On front end you're free to check for access and do what is needed to show or hide stuff. Your member role would also be just a guest role with only view access since they won't need or have admin access. So it's up to you to control that in your templates.

Just a dummy example.

if($user->hasRole("member")) {
    // only users with the member role get the list
    $members = $users->find("roles=member");
    // ...
} else {
    echo "Sorry, you're not allowed to view.";
}
  • Like 2
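
An added example (not from either poster and not ProcessWire's own code) of the approach in the reply above: one front-end template that enforces the member role itself and serves both the directory and `profile/<name>` URL segments. It assumes a page such as /members/ whose template has URL segments enabled; the file name and the `profile_bio` field are hypothetical.

```php
<?php namespace ProcessWire;
// Hypothetical template file, e.g. site/templates/members.php.
// Assumes the 'member' role from the thread; 'profile_bio' is a made-up
// stand-in for the custom fields added to the user template.

// Authorization is enforced here, before any user lookup happens.
if(!$user->isLoggedin() || !$user->hasRole('member')) {
    throw new Wire404Exception(); // guests learn nothing about the directory
}

// Only /members/ and /members/profile/<name>/ are valid URLs.
if(strlen($input->urlSegment3)) throw new Wire404Exception();

if($input->urlSegment1 === 'profile') {
    // The segment is untrusted input: reduce it to a valid page/user name
    // before it goes into a selector string.
    $name = $sanitizer->pageName($input->urlSegment2);
    if($name === '') throw new Wire404Exception();

    // roles=member keeps admin and guest accounts unreachable through this URL.
    $member = $users->get("name=$name, roles=member");
    if(!$member->id) throw new Wire404Exception();

    // Members control their own profile content, so encode it on output.
    echo "<h1>" . $sanitizer->entities($member->name) . "</h1>";
    echo "<p>" . $sanitizer->entities($member->get('profile_bio')) . "</p>";

} else if(!strlen($input->urlSegment1)) {
    // Directory listing with the same role filter, paginated by limit.
    $members = $users->find("roles=member, sort=name, limit=50");
    echo "<ul>";
    foreach($members as $m) {
        $url = $page->url . "profile/" . $m->name . "/";
        echo "<li><a href='$url'>" . $sanitizer->entities($m->name) . "</a></li>";
    }
    echo "</ul>";

} else {
    throw new Wire404Exception(); // unknown first segment
}
```

Because the check lives in the template, the result does not depend on how access settings on the user template affect a given selector, which is the inconsistency described in the question.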