




This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord. Thank you!

US4 Include Classes
#21
Well, the permissions are something I need to get on top of and figure out what needs to be public versus private, while still allowing a degree of read-only access for guests. In either case, everything is coming together nicely.
  Reply
#22
I know that this is kind of sacrilegious because I spent all this time building UserSpice, but sometimes it's easier to NOT use the built-in permission system when you're making a ton of pages.

Sometimes you want to base whether or not someone can access a page on some sort of weird parameter. Like, for instance, on the project I'm working on, I'm passing a GET variable to edit a student's profile. I want to check if the student belongs to that actual teacher's class before I let them edit it, so I do a little check like...

Code:
<?php if($class != $student->class){die("Sorry, this student is not yours! You can't edit this profile!");} ?>

In that case, there's no reason to even have the UserSpice permissions in there because I'm getting $class by
Code:
$class = $user->data()->id;
from UserSpice.

So, in other words, if that teacher's id doesn't match the one on the student, they're not editing that profile no matter what. Basically I'm using UserSpice, but skipping all the other permission stuff and locking that entire group of students to that one teacher id and you can forget page permissions and user groups entirely.
  Reply
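An added example, not part of the original thread and not UserSpice code: the per-record ownership check from post #22, applied to both the read and the write so the edit cannot succeed for another teacher's student. The `students` table, its columns, the function names and the in-memory SQLite database (requires the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, class INTEGER)');
$db->exec("INSERT INTO students (id, name, class) VALUES (1, 'Ana', 7), (2, 'Ben', 9)");

/**
 * Hypothetical helper: return the student row only if it belongs to
 * $teacherId, else null. $rawId is the untrusted value, e.g. $_GET['id'].
 */
function loadOwnedStudent(PDO $db, int $teacherId, mixed $rawId): ?array
{
    // Reject anything that is not a positive integer before it reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Ownership is part of the query, so a foreign row is never loaded.
    $stmt = $db->prepare('SELECT id, name, class FROM students WHERE id = :id AND class = :teacher');
    $stmt->execute([':id' => $id, ':teacher' => $teacherId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Hypothetical helper: apply the edit; the UPDATE repeats the ownership condition. */
function renameOwnedStudent(PDO $db, int $teacherId, mixed $rawId, string $name): bool
{
    $row = loadOwnedStudent($db, $teacherId, $rawId);
    if ($row === null) {
        return false; // in a page handler: http_response_code(403) and stop
    }
    $stmt = $db->prepare('UPDATE students SET name = :name WHERE id = :id AND class = :teacher');
    $stmt->execute([':name' => $name, ':id' => $row['id'], ':teacher' => $teacherId]);
    return $stmt->rowCount() === 1;
}

// In the post the teacher id comes from $user->data()->id; 7 is a constructed stand-in.
$teacherId = 7;
var_dump(renameOwnedStudent($db, $teacherId, '1', 'Ana M.'));   // the teacher's own student
var_dump(renameOwnedStudent($db, $teacherId, '2', 'X'));        // another teacher's student
var_dump(renameOwnedStudent($db, $teacherId, '1 OR 1=1', 'X')); // malformed id
```

The same check has to run in the handler that processes the submitted form, not only on the page that displays it.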
#23
I actually do almost exactly that from time to time. I do use the permissions table, but I just check to see if a user is moderator or admin level, then dynamically generate the content based on their level, thereby controlling what they see and can do. That being said, some of those pages still have forms on them, so I still need to use a combination of the permissions system and the CSRF type protection.
  Reply
#24
Hi, I just wanted to say, this thread helped me a lot with AJAX and tokens. I think it might be useful to include an AJAX example within UserSpice. Thanks a lot!
  Reply
#25
I never use AJAX so I have to get myself up to speed with it!

Glad it's working for you!
  Reply
#26
It was impossible for me to get the UserSpice Token class working with AJAX calls. I found, in another thread, the code written by @Firestorm, which works properly in a very easy way. You can find the code at https://github.com/Firestorm-Graphics/CSRF-Protect

However, I appreciate all the effort of the UserSpice team for their great work!
  Reply

