+- UserSpice (https://userspice.com/forums)
+-- Forum: Support Center (https://userspice.com/forums/forumdisplay.php?fid=23)
+--- Forum: UserSpice 4.3 and Below (https://userspice.com/forums/forumdisplay.php?fid=26)
+--- Thread: US4 Include Classes (/showthread.php?tid=88)
US4 Include Classes - brian - 02-26-2016
Well, the permissions is something I need to get on top of and figure out what needs to be public versus private, while still allowing a degree of read only access for guests. In either case, everything is coming together nicely.
US4 Include Classes - mudmin - 02-26-2016
I know that this is kind of sacrilegious because I spent all this time building UserSpice but sometimes it's easier to NOT use the built in permission system when you're making a ton of pages.
Sometimes you want to base whether or not someone can access a page based on some sort of weird parameter. Like, for instance, on the project I'm working on, I'm passing a get variable to edit a student's profile. I want to check if the student belongs to that actual teacher's class before I let them edit it, so I do a little check like...
Code:
<?php if($class != $student->class){die("Sorry, this student is not yours! You can't edit this profile!");} ?>In that case, there's no reason to even have the UserSpice permissions in there because I'm getting $class by
Code:
$class = $user->data()->id;So, in other words, if that teacher's id doesn't match the one on the student, they're not editing that profile no matter what. Basically I'm using UserSpice, but skipping all the other permission stuff and locking that entire group of students to that one teacher id and you can forget page permissions and user groups entirely.
US4 Include Classes - brian - 02-26-2016
I actually do almost exactly that from time to time. I do use the permissions table, but I just check to see if a user is moderator or admin level, then dynamically generate the content based on their level, thereby controlling what they see and can do. That being said, some of those pages still have forms on them, so I still need to use a combination of the permissions system and the CSRF type protection.
US4 Include Classes - Popkultur - 04-22-2017
Hi, I just wanted to say, this thread helped me a lot with ajax and tokens. I think it might be useful to include an ajax-example within userspice. Thanks a lot!
US4 Include Classes - mudmin - 04-23-2017
I never use ajax so I have to get myself up to speed with it!
Glad it's working for you!
US4 Include Classes - bladerunner - 12-14-2017
It was impossible for me to get the UserSpice Token class working with AJAX calls. I have found in other thread the code written by @Firestorm that is working properly in a very easy way. You can find the code in https://github.com/Firestorm-Graphics/CSRF-Protect
However, I appreciate all the effort of the UserSpice team for their great work!