how to conditionally allow a user to modify another user's profile?
newbuntu - January 31, 2008 - 00:05
I added extra field in user profile to tie the users into a family (with a family id). I want to allow one user (with a special role of 'family account holder') to edit his family members' profiles.
When I go to "../user/uid" page, if it's my own account, I'll see an 'Edit' menu, if I'm not, then I only see a 'View' menu. I skimmed through user.module, couldn't quite figure it out.
I believe "access permission" plays a role. There are many other places in user.module and the callback hooks that have to do with it as well, such as hook_menu(), theme_user_profile() or hook_access(). I just don't know how to do it.
BTW, in case you wonder, I don't quite see OG is my solution. (I could be wrong though)
Any help is appreciated!
You could use hook_access to
You could use hook_access to do it if you are using a custom module that defines that content type which stores the profile data.
If you are using the optional core Profile module, you could hack the profile_access function to do it. Although I don't recommend hacking. So in this case, you could disable the Profile module. Copy it and rename it to something else (this would include changing the function pefixes and possibly database table names in the install to prevent conflicts), and making the changes that you need.
It's like hacking but not!
There might be a better way, but it's going to evolve around the hook_access().
I took a quick look at
I took a quick look at function hook_access($op, $node). Looks like it's for access permission on nodes. It may not work on user profile, which is not a node. Thanks for the response though.
if its just a profile field,
if its just a profile field, i'm pretty sure you can simply do something like
<?php/* case 1. */ if ($user->profile_familyfield == "string") { // if textfield
/* case 2. */ if ($user->profile_familyfield == "1") { // if checkbox
$GLOBALS['user']->uid = $user->uid;
}
?>
That logs the current user into the profile user's account-- but i really wouldn't recommend this, i just know it can be done like this.
Maybe if you tie in the relationships module, or better still used nodeprofile?
The above code will log ANYBODY in to any profile currently viewed if the conditions are met, and i put it in solely for the login reference. I really don't recommend using that code as is.
Funny story how i found that one out... not cool lol
wait a second, OG really is
wait a second, OG really is the best route here!
I'm pressed for time so i can't link here but i recommend doing this:
1. OG
2. Subgroups
3. OG Promote
4. OG Manager (i think its called that)
That setup should let you create a family group as an organizational unit, specify a manager for the group, (mom or dad), place them in a subgroup, and promote the subgroup to elevated priveledges.
Then, use a php statement checking for OG_roles and if they are in the correct array before allowing for the user administration.
Thats my best suggestion! I'll look into it more.
I played with OG a couple
I played with OG a couple weeks ago. I was not sure how good the API is.
I can't create groups manually one family at a time. I have to use a custom module, which allows all those OG actions happen on the fly (executes OG API behind the scene when a user clicks some buttons).
I also got the impression (could be wrong) that OG's "groups" was not designed for this granularity. I suppose OG is used to create just a few "groups" for a site where there is lots of interactions among group members? I can easily end up with several hundred OG's if I adopt it.
So unfamiliar with its API, plus unsure about OG intended group granularity and its relative heavy foot print (because it does a whole lot more than just lumping some users together) made me hesitate to jump in.
But I am very very tempted to go OG if all your experienced OG users can weigh in and tell me it's the right thing to do.
looks like a very
looks like a very interesting solution. I may use this one if it works.
expanding on this method, if
expanding on this method, if i were to use this code, i would user either relationships or buddylist for this.
Using a redundant if statement, I would use this to verify:
1. Create two profile fields.
a. profile_enableauth checkbox
b. profile_authuser textfield
2. Make sure buddylist is enabled.
3. In user.tpl.php, enter:
<?phpif ($user->profile_enableauth == "1") { //checks for authorized access mode
if (@in_array($user->uid, array_keys(buddylist_get_buddies($viewing_user->uid))) && ($GLOBALS['user']->uid != $user->uid) { // checks to see if user is in buddylist
if ($user->profile_authuser == $user->name) && ($GLOBALS['user']->uid != $user->uid) && (@in_array($user->uid, array_keys(buddylist_get_buddies($viewing_user->uid))) { // redundant logic making sure viewing user is not the owner, is in buddy list, and is authorized by user.
$GLOBALS['user']->uid = $user->uid; // logs user into profile
drupal_set_message($message = 'You are logged in as '.$user->name.'. Any changes done here are not your profile.' , $type = 'status');
}
}
}
?>
again, i really, really think you should look into more solid ways of authentication, and i'm working on a form submission method as we speak that shouldn't be too much different. For the meantime, that should be the most secure (for an insecure method) of achieving your goals.
*edit*
I would go so far as to put another field in like
profile_enableEditmode
So that users can actively choose if they want to be in a moderative state or a normal user state.
Let me know if you want that snippet in there, its pretty simple.
>>Let me know if you want
>>Let me know if you want that snippet in there, its pretty simple.
I'm a beginner in drupal coding, anything helps.
I suppose I should put user.tpl.php under the current theme folder? I didn't see it was called. (I put it under my module folder, and it didn't get called either).
Thanks a lot for your help!