Profile item visibility vs access right
-
Hello,
I created a plugin that add an item in the profile menu :
plugin.addProfileItem = function (data, callback) { data.links.push({ id: 'myplugin', route: 'myplugin', icon: 'fa-bar-chart', name: "My Plugin", visibility: { self: true, other: true, moderator: true, globalMod: true, admin: true, } }); callback(null, data); };The purpose is to allow other users to see the new page of the user of their choice.
With the visibility attribute, other users see the item in the menu but when they click on it :Access Denied You seem to have stumbled upon a page that you do not have access to.My main question is : Where could I set up access rights in this case ?
Two more questions :
- How to get the uid and userslug (not the current user but the profile user) on my new page ?
- Same question for the uid on server side (in my plugin code)
-
Find out the answer to my main question :
In the Controllers.render I have forgotten this piece of code :if (res.locals.uid !== req.user.uid) { return res.render('403', {}); }Still searching for these questions :
- How to get the uid and userslug (not the current user but the profile user) on my new page ?
- Same question for the uid on server side (in my plugin code)
-
@Dinendal
So we can do this :var uidProfile = data.req.res.locals.uid; console.log("\nProfile UID :"+uidProfile); User.getUserField(uidProfile, 'userslug', function(err, userslug) { console.log("\nUserslug :"+userslug); });Now I'm searching if there's another way to get this var than sending this with socket.
I saw some [[global...]] tags in tpl files whose are probably the answer. -
On client side, you have
app.user.userslugetc -
Look in
ajaxify.dataon the profile page, that should mirrorres.locals
