Jump to content

Page view per user


Jonathan
 Share

Recommended Posts

Hi PW community,

I've been on this forum for a few months and it has been a great help! I am just a little stumped now though with an issue which I think should be simple to fix/overcome.

So a little background to this project...This is for a film distribution company who wants a secure film screening service for clients to view films. I need to set it up so that when a client logs in, they can only see the list of film pages that have been specified in the back-end. So the settings need to be on a per user basis, not per role.

Ideally, I'd like it so that under the 'user' edit page, there'd be a section to add specific films.

I'll mention that all of the films will have the same template. if that changes anything.

This is basically the same as the 'Page Edit Per User' module that Ryan created.

Any help is much appreciated!

Link to comment
Share on other sites

If I understand correctly, this could be done easily with a page field added to the user template. To access the user template, go to the templates page and click Filter > Show System Templates.

The Page field (probably ASM Select) that you add would be linked to all the film pages. So you'd just select the films they are allowed to view. 

Then in your template files you can check whether the user has the film selected before showing it in the list of films for them to watch.

Let me know if anything there doesn't make sense.

EDIT: Of course it could also be done from the other direction. The template for the films could have a page field that contains a list of all the users and you could choose which users can view the film.

You might want to consider PageAutocomplete as the Inputfield type if you end up with a lot of films / users.

  • Like 3
Link to comment
Share on other sites

Thanks for your fast reply Adrian. 

So when you say 'check whether the user has the film selected', would this check be done using a hook (either in the template file or in a module)?

I also came across Ryan's Custom Page Roles module here which I believe is basically what you're talking about here, except slightly backwards and uses roles, not users. I've been trying to re-write this to work with users but am having no such luck.

I'm new to hooks and modules but am keen to learn!

Link to comment
Share on other sites

As mentioned, add a page field to the user where you will specify the pages the user has access to. In the appropriate place (this could be the template, or else) add a function (this should be the first piece of code to execute, before any rendering) ) to check if the current page id matches one of the pages in the user's allowed page list. If the match is negative, redirect the user somewhere else. If it is positive, let the page continue to execute. I would gladly give you some code example but being on my phone right now makes it sort of hard. Hope this clears it up for you.

  • Like 2
Link to comment
Share on other sites

I've got the field to specify the pages the user has access to setup - no problem there.

I'm just not sure of the correct code to check between the current page id and the users allowed pages list. Is this something "if else" could do?

I've been trying to get things working with the if else syntax but have had no luck. 

If you could post some example code that would be a great help to push me in the right direction. 

Link to comment
Share on other sites

Ok, so if the page field that you added to the user template is called allowed_pages, then this should work:

if($user->allowed_pages->has($page)){
    echo "true";
}
else {
    echo "false";
}

It is checking that the allowed_pages field for the current user ($user) contains (has) the current page ($page) in it's array of pages.

By the way, rather than my initial suggestion of ASM Select, I would recommend: PageListSelectMultiple

  • Like 1
Link to comment
Share on other sites

Thanks Adrian & Pierre, this works! 

Are the any potential security issues with this method?

Not really sure what security issues you are thinking might exist. Using page fields and the 'has' method is a standard PW technique and there are no SQL injection possibilities with it. If you are concerned about someone being able to view the page that shouldn't, then I don't think you need to worry there either. There is no possible way to view the page unless the user has the page selected in their allowed_pages field. Does that answer your question?

Link to comment
Share on other sites

That does answer my questions, thanks.

Is there a simple way to only do the above check if the current user has a specific role e.g. 'viewer'?

There will be a couple of users who will have access to every film, but I don't want to have to add each film for those users.

Am I on the right track if if use:

if($user->hasRole($viewer))

and then do the check based on whether that returns true or false?

Thanks,

Jonathan

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...