Prevent Users Editing Previous CGBlog Posts [Solved]

Have a question or a suggestion about a 3rd party addon module or plugin?
Let us know here.
Post Reply
CAC
Forum Members
Forum Members
Posts: 14
Joined: Wed Mar 17, 2010 7:53 pm

Prevent Users Editing Previous CGBlog Posts [Solved]

Post by CAC »

Hi,

We have a blogging workflow where:

1) A user can login and is limited to creating a draft post.

2) An admin user then logs in and approves the post.

3) The post goes live.

However, the user who is limited to creating draft posts has the ability to edit his or her previous posts and previous posts by other users. This could lead to a sabotage without an admin user knowing.

How can we prevent users from:

a) Editing posts that they do not own.

AND

b) Editing posts that have been approved.

I have looked in the permissions but I cannot find anything. Thanks for any help.
Last edited by CAC on Tue Feb 05, 2013 1:55 pm, edited 1 time in total.
User avatar
manuel
Power Poster
Power Poster
Posts: 350
Joined: Fri Nov 30, 2007 9:15 am

Re: Prevent Users Editing Previous CGBlog Posts

Post by manuel »

Dear CAC,

2 years ago, i wrote something in those lines...
I must warn you that the authentication used in the article is probably not good enough!
Apparently "$smarty.session.cms_admin_username" gets the username from a session cookie in the browser. (can easily be modified)
The "$smarty.session.cms_admin_username" should be replaced with some UDT grabbing the username of the person that is currently logged in.

It could however provide you with a good starting point on how to limit access to certain articles by modifiying the module templates.
http://www.i-do-this.com/blog/41/Making ... -by-Author
1) A user can login and is limited to creating a draft post
I guess you should also be able to hide the draft dropdown select from the users by modifying the module template.
A value will still need to be passed so you it still has to be present. If you don't want users to try and trick the system you could probably not only hide the dropdown but make it so that it only has one option.
b) Editing posts that have been approved.
You should be able to add the a condition like this: "if user is not admin && status of article is published >> don't allow access"

Greetings,
Manuel
Do you like your open source cms? Buy from the CMSMS partners || Donate
CAC
Forum Members
Forum Members
Posts: 14
Joined: Wed Mar 17, 2010 7:53 pm

Re: Prevent Users Editing Previous CGBlog Posts

Post by CAC »

Thanks for your response Manuel.

I decided to take a different avenue - I utilised the Guestbook module and then re-skinned it so it appears to the frontend and admin users as if it is a blog.

This gives admins the ability to do everything desired.
User avatar
manuel
Power Poster
Power Poster
Posts: 350
Joined: Fri Nov 30, 2007 9:15 am

Re: Prevent Users Editing Previous CGBlog Posts [Solved]

Post by manuel »

Dear CAC,

Thx for the update :)

Greetings,
Manuel
Do you like your open source cms? Buy from the CMSMS partners || Donate
User avatar
Dr.CSS
Moderator
Moderator
Posts: 12678
Joined: Thu Mar 09, 2006 5:32 am
Location: Arizona

Re: Prevent Users Editing Previous CGBlog Posts [Solved]

Post by Dr.CSS »

CGBlog has front end submission...

Supports multi-user blogs

Allows authorized frontend users to submit blog articles.
Allows frontend users to manage their own blog articles.
Allows filtering by author in summary view.

"fesubmit" - to display a form allowing site visitors to submit blog articles.

You could make the submit form hidden to all but FEUs...
Check ver. CMSMS, PHP, server OS, in System Information page.
Default content http://multiintech.com/defaultcontent/
People are Wonderful
Business is Great
Life is Terrific
Ever wonder what happened to the Album module? Well it is alive and well.
http://album.multiintech.com/
Image
Post Reply

Return to “Modules/Add-Ons”