Limit entery for view or edit to its owner only - NeoCMS
Quote from noyzen on March 8, 2022, 5:41 pmHi!
I'm making a simple online shop for my cousin to get started with neoCms...
I could add smtp email data on setting, so users can reset password with email!
(but i dont know how to send password reset in my app there is no command for that in neoCms commands)Anyway...
I need to limit some collection enteries to their owner only. for example i want a user see or edit or delete his own data from chat collection or orders collection but he/she should not see orders and chats from other people of course!
I found a code in cockpit cms forum, but i dont know if it works and its secure or not... (i tested it seems something wrong with that)
Add this code to "read section" of collection): <?php if ($context->user && $context->user['group'] != 'admin') { $context->options['filter']['_by'] = $context->user['_id']; }I need limit some collections to their owner only (and +admin).
I wonder If you found a secure way to do that @luishp or @gaevThanks!
Hi!
I'm making a simple online shop for my cousin to get started with neoCms...
I could add smtp email data on setting, so users can reset password with email!
(but i dont know how to send password reset in my app there is no command for that in neoCms commands)
Anyway...
I need to limit some collection enteries to their owner only. for example i want a user see or edit or delete his own data from chat collection or orders collection but he/she should not see orders and chats from other people of course!
I found a code in cockpit cms forum, but i dont know if it works and its secure or not... (i tested it seems something wrong with that)
Add this code to "read section" of collection):
<?php
if ($context->user && $context->user['group'] != 'admin') {
$context->options['filter']['_by'] = $context->user['_id'];
}
I need limit some collections to their owner only (and +admin).
I wonder If you found a secure way to do that @luishp or @gaev
Thanks!
Quote from luishp on March 9, 2022, 7:26 pm@noyzen, have you checked this link?
Example configuration / granular user permissions · Issue #675 · agentejo/cockpit · GitHub
Regards.
@noyzen, have you checked this link?
Example configuration / granular user permissions · Issue #675 · agentejo/cockpit · GitHub
Regards.
Quote from noyzen on March 9, 2022, 9:28 pmYes, thats above solution which i said Luis.
I have searched their forum and help and google... No luck yet.
I have some more problems with neoCms which i tell you later,
But at all i like it so much.
Yes, thats above solution which i said Luis.
I have searched their forum and help and google... No luck yet.
I have some more problems with neoCms which i tell you later,
But at all i like it so much.
Quote from luishp on April 3, 2022, 2:13 pm@noyzen I have just tested the code and it works fine for me:
<?php /* restrict visible entries to content creators/owners How to use: * edit collection and open "Permissions" tab * enable "read" permission and place the code below */ if ($context->user && $context->user['group'] != 'admin') { $context->options['filter']['_by'] = $context->user['_id']; }Regards,
@noyzen I have just tested the code and it works fine for me:
<?php
/*
restrict visible entries to content creators/owners
How to use:
* edit collection and open "Permissions" tab
* enable "read" permission and place the code below
*/
if ($context->user && $context->user['group'] != 'admin') {
$context->options['filter']['_by'] = $context->user['_id'];
}
Regards,