Forums | Mahara Community
Support
/
Permissions?
28 January 2009, 18:33
Hi Dan - yes, it does need to be && if you want only people with staff AND admin to do it, although I would think in most cases, your teachers would just have the staff role while your IT team would have the admin role - thus the || is probably more suited.
Rather than using die, use this:
throw new AccessDeniedException('You are not allowed to create groups');
This will give you a nice Mahara-themed error page.
Last thing - the $USER object is actually available in the template, so your check in the template can be:
{if $USER->get('staff') && $USER->get('admin')}
Without needing the $role.
29 January 2009, 6:29
Ok, great, the less files hacked the better! I will access $USER directly from the template.
Regarding the exception, I did try your exception but I got a blank white screen and not an error - didn't have time to look at it any further. It's only a fallback position anyway in case a very bright student manages to work out the url for create.php and tries to access it directly. Removal of the button will stop 99.9% of our kids.
Regarding ANDs and ORs, I was referring to the not clause in create.php. I agree that for the template I want OR - either staff or admin want to see the button. But for the blocked access on create.php I am blocking accounts that have *neither* staff *nor* admin (ie students). so i want !X AND !Y imho.
Thanks foir all your help and swift responses! Much appreciated,
dan
29 January 2009, 7:09
I should have used good old DeMorgan's law. Always a confusion, even though boolean algebra was something I was quite good at in university29 January 2009, 9:43
Hei!What if i'd need to give access to the tutor on the students arfetact resumee. Let's say i have a general goal that has to be edited only by the controlled comunity stuff(prof, admin).
I have to find a way to talk to the artefact class not to listen to $USERID but to the $loggedinid. Actually i've done a really strange way: I've ported all the tpl and json files(3-4) into the user folder into a new folder let's say /user/editprofile and, changing the path actually works right, though it listends to the loggedinid, it should listen the the id of the user that it's beeing visited. I've done little testing, though i need to ask if it's incerediby difficult?
How can i pass that variable to the class? And where is that $USER->id held anyway > sessions? cookies? (might seem really stupid this question i know! sorrry! :D
29 January 2009, 17:31
Hi - I don't quite understand your questions . If you're finding it hard to allow others access to users' portfolio data, that's because we haven't made it easy, because it's all supposed to be private by default. I guess you could hack things to make it work, but it's not a good idea.. the views interfaces is really where people should be exposing their data.
The ID of the logged in user is $USER->get('id') btw.
05 February 2009, 8:19
Hey, Nigel, DeMorgan's law - this is a pattern I have come across in my own coding again and again and it has always intrgued me. And now I can give it a name! (wikipedia soon set me straight)
cheers ears.
dan :-)
- «Previous page
- 1
- 2
- »Next page