Profile item visibility vs access right



  • Hello,

    I created a plugin that add an item in the profile menu :

    plugin.addProfileItem = function (data, callback) {	
    	data.links.push({
    		id: 'myplugin',
    		route: 'myplugin',
    		icon: 'fa-bar-chart',
    		name: "My Plugin",
    		visibility: {
    			self: true,
    			other: true,
    			moderator: true,
    			globalMod: true,
    			admin: true,
    		}
    	});
    	callback(null, data);
    };
    

    The purpose is to allow other users to see the new page of the user of their choice.
    With the visibility attribute, other users see the item in the menu but when they click on it :

    Access Denied
    You seem to have stumbled upon a page that you do not have access to.
    

    My main question is : Where could I set up access rights in this case ?

    Two more questions :

    • How to get the uid and userslug (not the current user but the profile user) on my new page ?
    • Same question for the uid on server side (in my plugin code)


  • Find out the answer to my main question :
    In the Controllers.render I have forgotten this piece of code :

    if (res.locals.uid !== req.user.uid) {
    	return res.render('403', {});
    }
    

    Still searching for these questions :

    • How to get the uid and userslug (not the current user but the profile user) on my new page ?
    • Same question for the uid on server side (in my plugin code)


  • @Dinendal

    Server side :

    data.req.res.locals.uid
    


  • @Dinendal
    So we can do this :

    var uidProfile = data.req.res.locals.uid;
    console.log("\nProfile UID :"+uidProfile);
    User.getUserField(uidProfile, 'userslug', function(err, userslug) {
    	console.log("\nUserslug :"+userslug);
    });
    

    Now I'm searching if there's another way to get this var than sending this with socket.
    I saw some [[global...]] tags in tpl files whose are probably the answer.


  • Global Moderator

    On client side, you have app.user.userslug etc



  • @PitaJ It seems that app.user store the current user informations.

    But I want the informations of the user profile that I chose to show/visit.


  • Global Moderator

    Look in ajaxify.data on the profile page, that should mirror res.locals


Log in to reply
 

Suggested Topics

  • 3
  • 2
  • 2
  • 1
  • 6
| |