This site uses cookies and similar technologies.

If you don't change browser settings, you agree to it.

I understand
1223 Posts
Bucklash
1 year ago
4
Topic

Hi folks

I am really confused with USER content type.

Menu Structure:

  • Member
    • Profile
      • Form
  • Admin
    • Profiles
      • Form

So.... for the Member/Profile/Form part....

  1. I want a user to be able to edit their user data i.e. phone number etc...
  2. I want ONLY admins to be able edit any user data i.e. blocked etc...
  3. I do NOT want members to be able to alter any other user.
  • Currently, only admins create users profiles.
  • So "created_by" is always ADMIN
  • So "edit_own" does not come in to effect here

Currently, if a (devious) member changes the id in the url, they can manipulate another users data i.e 

  • "/profile/profile-form/form/user?id=441&return=..."

I am struggling to have it so that the user can NOT edit any other users data.

If I use SEBLOD Break, it just breaks no matter what I do i.e.

Field 1

  • Name: user_id

Field 2

  • Name: seblod_break_user
  • Restriction: Fields
    • Field Name / Value(s): user_id
    • is Equal/In: User -> id
  • If I change from Value to Form, or Invert -> Yes to Invert -> No, always  same result: BREAK.

So after all that, how do you have a user form where the user can only edit where the user_id matches THEIR id?

Get a Book for SEBLOD
231 Posts
Giuse
1 year ago
3
Level 1

One of the content type permission is "Edit Own": isn't what you are looking for?

cheers

1223 Posts
Bucklash
1 year ago
2
Level 2

Hi Guise

Actually it was, I had it in my head that edit_own was based on created by, but that is for articles.

What a knob!

1223 Posts
Bucklash
1 year ago
1
Level 3

.... continuing on...

So having it so that a user can only edit their own profile is good now.

However, as a front end admin, I am unable to get it so that admins can still edit any profile....

Access for the Content type is set so that the admin can edit.

2 buttons in the view

  1. Edit Button for members to edit their own profile (links to menu item "Member/Profile/Form on front end)
  2. Edit Button for admins to edit any profile (links to a menu item "Admin/Profiles/Form on front end)

...but no joy.

It is clear to me that Permissions are a weak spot for me,

4229 Posts
Kadministrator
1 year ago
0
Level 4

With edit permission for admin it should work.

Get a VIP membership