Hi,
We have a blogging workflow where:
1) A user can login and is limited to creating a draft post.
2) An admin user then logs in and approves the post.
3) The post goes live.
However, the user who is limited to creating draft posts has the ability to edit his or her previous posts and previous posts by other users. This could lead to sabotage without an admin user knowing.
How can we prevent users from:
a) Editing posts that they do not own.
AND
b) Editing posts that have been approved.
I have looked in the permissions but I cannot find anything. Thanks for any help.
Prevent Users Editing Previous CGBlog Posts [Solved]
Last edited by CAC on Tue Feb 05, 2013 1:55 pm, edited 1 time in total.
Re: Prevent Users Editing Previous CGBlog Posts
Dear CAC,
2 years ago, I wrote something along those lines...
I must warn you that the authentication used in the article is probably not good enough!
Apparently "$smarty.session.cms_admin_username" gets the username from a session cookie in the browser. (can easily be modified)
The "$smarty.session.cms_admin_username" should be replaced with some UDT grabbing the username of the person that is currently logged in.
It could however provide you with a good starting point on how to limit access to certain articles by modifying the module templates.
http://www.i-do-this.com/blog/41/Making ... -by-Author
> 1) A user can login and is limited to creating a draft post
I guess you should also be able to hide the draft dropdown select from the users by modifying the module template.
A value will still need to be passed so it still has to be present. If you don't want users to try and trick the system you could probably not only hide the dropdown but make it so that it only has one option.
> b) Editing posts that have been approved.
You should be able to add a condition like this: "if user is not admin && status of article is published >> don't allow access"
Greetings,
Manuel
Do you like your open source cms? Buy from the CMSMS partners || Donate
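One way to enforce rules a) and b) from this thread on the server instead of relying on a hidden dropdown or a template variable, as an added example that is not part of the original posts and is not CGBlog code. The function names, array fields and sample data are assumptions, and $actor is assumed to come from the server-side login record.

```php
<?php
// Added example. Function names, array fields and sample data are hypothetical,
// not CGBlog's API. $actor must be built from the server-side login record.

const STATUS_DRAFT = 'draft';
const STATUS_PUBLISHED = 'published';

// Rules a) and b): non-admins edit only their own posts, and only while draft.
function can_edit_post(array $actor, array $post): bool
{
    if ($actor['is_admin']) {
        return true;
    }
    return $post['author_id'] === $actor['id']
        && $post['status'] === STATUS_DRAFT;
}

// Build the record to save. Only admins may change status; author_id never changes.
function apply_edit(array $actor, array $post, array $submitted): array
{
    if (!can_edit_post($actor, $post)) {
        throw new RuntimeException("edit of post {$post['id']} denied");
    }
    $post['body'] = (string) ($submitted['body'] ?? $post['body']);
    $status = $submitted['status'] ?? null;
    if ($actor['is_admin'] && in_array($status, [STATUS_DRAFT, STATUS_PUBLISHED], true)) {
        $post['status'] = $status;
    }
    return $post;
}

// Constructed sample data.
$alice = ['id' => 2, 'is_admin' => false];
$admin = ['id' => 1, 'is_admin' => true];
$posts = [
    ['id' => 10, 'author_id' => 2, 'status' => STATUS_DRAFT, 'body' => 'mine'],
    ['id' => 11, 'author_id' => 3, 'status' => STATUS_DRAFT, 'body' => 'theirs'],
    ['id' => 12, 'author_id' => 2, 'status' => STATUS_PUBLISHED, 'body' => 'live'],
];
// The submitted form asks for "published", as a tampered dropdown value would.
$form = ['body' => 'edited', 'status' => STATUS_PUBLISHED];

foreach ([['alice', $alice], ['admin', $admin]] as [$name, $actor]) {
    foreach ($posts as $post) {
        try {
            $saved = apply_edit($actor, $post, $form);
            echo "$name post {$post['id']}: saved with status {$saved['status']}\n";
        } catch (RuntimeException $e) {
            echo "$name post {$post['id']}: {$e->getMessage()}\n";
        }
    }
}
```

The non-admin's own draft is saved but stays a draft, because the submitted status is ignored unless the actor is an admin.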
Re: Prevent Users Editing Previous CGBlog Posts
Thanks for your response Manuel.
I decided to take a different avenue - I utilised the Guestbook module and then re-skinned it so it appears to the frontend and admin users as if it is a blog.
This gives admins the ability to do everything desired.
Re: Prevent Users Editing Previous CGBlog Posts [Solved]
Dear CAC,
Thx for the update
Greetings,
Manuel
Re: Prevent Users Editing Previous CGBlog Posts [Solved]
CGBlog has front end submission...
Supports multi-user blogs
Allows authorized frontend users to submit blog articles.
Allows frontend users to manage their own blog articles.
Allows filtering by author in summary view.
"fesubmit" - to display a form allowing site visitors to submit blog articles.
You could make the submit form hidden to all but FEUs...