CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

Category permissions

sevenfieldsevenfield
edited October 2011 in Modules
I've installed the Articles module from the simple modules tutorial and I'd like to know if it's possible to prevent certain users from accessing specific categories.

I've set up a user account that only has access to the Articles module and I'd like that user to only have access to one category that's already been created by the admin.

Not sure how to modify this...can anyone point me in the right direction?

Comments

  • adminadmin
    edited 2:44PM
    One way to handle record level permissions may be to do the check on the model. So for example, you can create a "list_items" method on your model (used for displaying the list view in FUEL), that only returns their specific categories. You can filter the list by adding to the where condition with active record and filtering on the logged in users ID with something like:
    $this->db->where('users_id', $this->fuel_auth->valid_user('id'));

    Additionally, you can add that specific where logic to your models _common_query() method to do filtering on all the model's "find_" methods.
  • sevenfieldsevenfield
    edited 2:44PM
    Much appreciated. Thanks for the quick response.
Sign In or Register to comment.