Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2012-11-21 12:39:53

Manaus
Member
From: Turin, Italy
Registered: 2010-10-22
Posts: 252
Website

Restricted Author privs

Hello,
I need to set up a website for a unknown (and growing) users base. They should be able to

  • see only their own articles (solved with asv_auth_articles)
  • post only in one section of the website (‘blog’)
  • see only their uploaded images (solution mentioned here), but not working
  • use an avatar and a little bio page..

Thanks for any suggestion…

Offline

#2 2012-11-21 13:03:31

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,795
Website GitHub

Re: Restricted Author privs

Manaus wrote:

see only their own articles / images

Have a look at the plugin code I gave away free at the bottom of the How to write a plugin article on txpmag. That will do exactly that.

post only in one section of the website (‘blog’)

Again, this is easily achievable with a little custom plugin (that could be in the same plugin code as above) that hooks into the pluggable_ui() framework.. I’m sure there was some code on the forum somewhere to do that but I can’t find it right now.

use an avatar and a little bio page..

You could try smd_bio for that.

Last edited by Bloke (2012-11-21 13:03:44)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#3 2012-11-21 13:17:37

Manaus
Member
From: Turin, Italy
Registered: 2010-10-22
Posts: 252
Website

Re: Restricted Author privs

Thanks Bloke you are the one ;)

Offline

#4 2012-11-21 13:46:24

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,795
Website GitHub

Re: Restricted Author privs

Ah, here it is but it won’t work on 4.5.x. The code to do that is:

if (@txpinterface == 'admin') {
	register_callback('smd_per_sec', 'article_ui', 'section');
}

function smd_per_sec($event, $step, $data, $record) {
	global $txp_user;

	$safe_user = doSlash($txp_user);
	$privs = safe_field('privs', 'txp_users', "name='$safe_user'");

	$out = '';

	// Admins can see everything
	if ($privs !== '1') {
		$seclist = array();
		$default_sec = get_pref('default_section');

		// Get all sections from the database
		$rs = safe_rows('name, title', 'txp_section', "1=1");

		foreach ($rs as $sec) {
			// Can only see the section if this user has privs for "section.{section_name}"
			// or it's the default section
			if (has_privs('section.'.$sec['name']) || $sec['name'] === $default_sec) {
				$seclist[$sec['name']] = $sec['title'];
			}
		}

		// Build the filtered select list...
		$seclist = selectInput('Section', $seclist, $record['Section'], false, '', 'section');

		// ... and display it
		$out = n.graf('<label for="section">'.gTxt('section').'</label> '.
			'<span>['.eLink('section', '', '', '', gTxt('edit')).']</span>'.br.
			$seclist).n.'</fieldset>';
	}

	return $out;
}

If you have smd_user_manager installed you can then create priv rules for your user base by assigning section.sec_name privs to grant publishing access to the given section(s).

Last edited by Bloke (2012-11-21 13:49:14)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#5 2012-11-21 16:00:43

Manaus
Member
From: Turin, Italy
Registered: 2010-10-22
Posts: 252
Website

Re: Restricted Author privs

Thanks Bloke,
section.sec_name would be “section.sec_name” or e.g. “section.blog”?
What do you mean by “you can then go and add privs areas for sections you want users to be able to publish to”, mentioned in the article ?

Offline

#6 2012-11-21 22:30:31

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,795
Website GitHub

Re: Restricted Author privs

Manaus wrote:

section.sec_name would be “section.sec_name” or e.g. “section.blog”?

Well in your case I guess you’d make ‘blog’ your default section, so it won’t matter because that will always be available to everyone. But if you wanted to allow, say, Copy Editors to post to the section named ‘star-trek’ then yes you’d need to create a priv area called section.star-trek against the Copy Editor group. Just create priv area rules like that for whichever section names you want to grant access.

What do you mean by “you can then go and add privs areas for sections you want users to be able to publish to”

Ah yes, sorry. The thing I linked to was referring to smd_user_manager. That has the ability to create arbitrary privs like this with ease from its management panel. The other way to do it is by editing admin_config.php (but that’s not advisable), or by simply adding the relevant privs in a tiny plugin — perhaps part of the same plugin you use to restrict the users to post to sections and show only their own content. You add privileges like this:

add_privs('section.star-trek', '3,4');

That would tell the plugin I posted above that Copy Editors and Staff Writers can post in the ‘star-trek’ section. Since you’re customising the admin side that may be the easiest way to do things, but consider this: if you’re going to allow users to update their bios from the admin side, then smd_user_manager will allow you to make new groups that you can set up to only have access to the Admin->Users, Write and Articles panels (for example).

smd_user_manager automatically gives everyone access to their own bio info (normally only Publishers can edit user info) and it interfaces with smd_bio. If you want to allow people to update bio info from the public site then smd_user_manager is not necessary; you’ll probably then use mem_form and rvm_privileged / cbe_frontauth to control logins to update profile info. It’s up to you which approach you use: depends on how you want the site to work.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

Board footer

Powered by FluxBB