
Prevent Users Editing Previous CGBlog Posts [Solved]

Posted: Thu Jan 31, 2013 11:38 am
by CAC
Hi,

We have a blogging workflow where:

1) A user can log in and is limited to creating a draft post.

2) An admin user then logs in and approves the post.

3) The post goes live.

However, the user who is limited to creating draft posts has the ability to edit his or her previous posts and previous posts by other users. This could lead to sabotage without an admin user knowing.

How can we prevent users from:

a) Editing posts that they do not own.

AND

b) Editing posts that have been approved.

I have looked in the permissions but I cannot find anything. Thanks for any help.

Re: Prevent Users Editing Previous CGBlog Posts

Posted: Thu Jan 31, 2013 12:10 pm
by manuel
Dear CAC,

2 years ago, I wrote something along those lines...
I must warn you that the authentication used in the article is probably not good enough!
Apparently "$smarty.session.cms_admin_username" gets the username from a session cookie in the browser. (can easily be modified)
The "$smarty.session.cms_admin_username" should be replaced with some UDT grabbing the username of the person that is currently logged in.

It could however provide you with a good starting point on how to limit access to certain articles by modifying the module templates.
http://www.i-do-this.com/blog/41/Making ... -by-Author
1) A user can log in and is limited to creating a draft post
I guess you should also be able to hide the draft dropdown select from the users by modifying the module template.
A value will still need to be passed so it still has to be present. If you don't want users to try and trick the system you could probably not only hide the dropdown but make it so that it only has one option.
b) Editing posts that have been approved.
You should be able to add a condition like this: "if user is not admin && status of article is published >> don't allow access"

Greetings,
Manuel
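
Added example, not part of the thread and not CGBlog or CMS Made Simple code: the two rules asked about above (owner-only edits, approved posts locked) plus the draft-only status, enforced at save time on the server rather than only in the template. The function names, array shapes and status strings are assumptions made for illustration.

```php
<?php
// Added illustration; not CGBlog / CMS Made Simple code.
// Assumed (hypothetical) shapes:
//   $user = ['id' => int, 'is_admin' => bool], resolved server-side from the
//           logged-in account, never from a value the browser sends
//   $post = ['author_id' => int, 'status' => 'draft'|'published', 'title' => string]

function can_edit_post(array $user, array $post): bool
{
    if ($user['is_admin']) {
        return true;                        // admins approve and edit anything
    }
    if ($post['author_id'] !== $user['id']) {
        return false;                       // (a) post is not owned by this user
    }
    return $post['status'] === 'draft';     // (b) approved posts are locked
}

// Hiding or shrinking the status dropdown only changes the form. The value
// that comes back is still checked here, so a non-admin always ends up with
// 'draft' no matter what was submitted.
function effective_status(array $user, string $submitted): string
{
    $allowed = ['draft', 'published'];
    if (!$user['is_admin'] || !in_array($submitted, $allowed, true)) {
        return 'draft';
    }
    return $submitted;
}

function save_post(array $user, array $post, array $form): array
{
    if (!can_edit_post($user, $post)) {
        throw new RuntimeException('edit denied');
    }
    $post['title']  = (string) ($form['title'] ?? $post['title']);
    $post['status'] = effective_status($user, (string) ($form['status'] ?? $post['status']));
    return $post;
}

// Constructed sample data.
$author = ['id' => 7, 'is_admin' => false];
$draft  = ['author_id' => 7, 'status' => 'draft', 'title' => 'First post'];
$live   = ['author_id' => 7, 'status' => 'published', 'title' => 'Approved post'];

var_dump(save_post($author, $draft, ['status' => 'published'])['status']); // stays 'draft'
var_dump(can_edit_post($author, $live));                                   // false
```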

Re: Prevent Users Editing Previous CGBlog Posts

Posted: Tue Feb 05, 2013 1:55 pm
by CAC
Thanks for your response Manuel.

I decided to take a different avenue - I utilised the Guestbook module and then re-skinned it so it appears to the frontend and admin users as if it is a blog.

This gives admins the ability to do everything desired.

Re: Prevent Users Editing Previous CGBlog Posts [Solved]

Posted: Tue Feb 05, 2013 3:22 pm
by manuel
Dear CAC,

Thx for the update :)

Greetings,
Manuel

Re: Prevent Users Editing Previous CGBlog Posts [Solved]

Posted: Wed Feb 06, 2013 6:13 pm
by Dr.CSS
CGBlog has front end submission...

Supports multi-user blogs

Allows authorized frontend users to submit blog articles.
Allows frontend users to manage their own blog articles.
Allows filtering by author in summary view.

"fesubmit" - to display a form allowing site visitors to submit blog articles.

You could make the submit form hidden to all but FEUs...