02-26-2016, 06:42 PM
I know that this is kind of sacrilegious because I spent all this time building UserSpice but sometimes it's easier to NOT use the built in permission system when you're making a ton of pages.
Sometimes you want to base whether or not someone can access a page based on some sort of weird parameter. Like, for instance, on the project I'm working on, I'm passing a get variable to edit a student's profile. I want to check if the student belongs to that actual teacher's class before I let them edit it, so I do a little check like...
In that case, there's no reason to even have the UserSpice permissions in there because I'm getting $class by
from UserSpice.
So, in other words, if that teacher's id doesn't match the one on the student, they're not editing that profile no matter what. Basically I'm using UserSpice, but skipping all the other permission stuff and locking that entire group of students to that one teacher id and you can forget page permissions and user groups entirely.
Sometimes you want to base whether or not someone can access a page based on some sort of weird parameter. Like, for instance, on the project I'm working on, I'm passing a get variable to edit a student's profile. I want to check if the student belongs to that actual teacher's class before I let them edit it, so I do a little check like...
Code:
<?php if($class != $student->class){die("Sorry, this student is not yours! You can't edit this profile!");} ?>
In that case, there's no reason to even have the UserSpice permissions in there because I'm getting $class by
Code:
$class = $user->data()->id;
So, in other words, if that teacher's id doesn't match the one on the student, they're not editing that profile no matter what. Basically I'm using UserSpice, but skipping all the other permission stuff and locking that entire group of students to that one teacher id and you can forget page permissions and user groups entirely.