Limit entery for view or edit to its owner only - NeoCMS - Forum

Forum Navigation
You need to log in to create posts and topics.

Limit entery for view or edit to its owner only - NeoCMS

Hi!

I'm making a simple online shop for my cousin to get started with neoCms...

I could add smtp email data on setting, so users can reset password with email!
(but i dont know how to send password reset in my app there is no command for that in neoCms commands)

Anyway...

I need to limit some collection enteries to their owner only. for example i want a user see or edit or delete his own data from chat collection or orders collection but he/she should not see orders and chats from other people of course!

I found a code in cockpit cms forum, but i dont know if it works and its secure or not... (i tested it seems something wrong with that)

Add this code to "read section" of collection):

<?php
if ($context->user && $context->user['group'] != 'admin') {
    $context->options['filter']['_by'] = $context->user['_id'];
}

I need limit some collections to their owner only (and +admin).
I wonder If you found a secure way to do that @luishp or @gaev

Thanks!

@noyzen, have you checked this link?

Example configuration / granular user permissions · Issue #675 · agentejo/cockpit · GitHub

Regards.

noyzen has reacted to this post.
noyzen

Yes, thats above solution which i said Luis.

I have searched their forum and help and google... No luck yet.

I have some more problems with neoCms which i tell you later,

But at all i like it so much.

luishp has reacted to this post.
luishp

@noyzen I have just tested the code and it works fine for me:

<?php

/*
  restrict visible entries to content creators/owners
  
  How to use:
    * edit collection and open "Permissions" tab
    * enable "read" permission and place the code below
  
*/

if ($context->user && $context->user['group'] != 'admin') {
    $context->options['filter']['_by'] = $context->user['_id'];
}

Regards,

Open chat
1
Do you need more info?
Hi, do you have any doubt?