I would be very grateful if anybody could help with this piece of code. I´d like to integrate it in custom user-profile.tpl.php, following php snippet to restrict access to user profile: Display allowed only to approved friends. I assume something ($flag) should be after "&& is_numeric(arg(1))"...

<?php
global $user;
if (arg(0) == 'user' && $user->uid == arg(1) && is_numeric(arg(1)) && ??? )
{
  print "<div class=\"profile\">" . $user_profile . "</div>";
}
else {
  print sorry;
}
?>

Thank you.

Comments

sirkitree’s picture

sirkitree commented
Status: Active » Closed (fixed)

Flag friend has a function that lists a users friends. I would set this to a variable and then check to make sure the current user's uid is within that array of friends.

@see flag_friend_get_friends().

miljats’s picture

miljats commented

Thanks sirkitree. I appreciate your effort to help me but I just do not know how to implement $friend->uid into it. :(

Is this what I´m looking for?:

flag_friend_get_friends($uid, $reset = NULL) {
  static $friends;
  
  if (!isset($friends[$uid]) || $reset) {
    $result = db_query("SELECT * FROM {flag_friend} WHERE uid = %d OR friend_uid = %d", $uid, $uid);
    while ($friend = db_fetch_object($result)) {
      // if the current user is in the uid column
      if ($friend->uid == $uid) {
        // load the friend_uid
        $friends[$uid][$friend->friend_uid] = user_load(array('uid' => $friend->friend_uid));
      }
      else { // the current user is the friend_uid
        // load the uid column as the friend
        $friends[$uid][$friend->uid] = user_load(array('uid' => $friend->uid));
      }
    }
  }
  
  return $friends[$uid];
sirkitree’s picture

sirkitree commented

Actually if what you are trying to do is permit access to the url (ex: /user/4) then you should really be working with hook_menu_alter(), not implementing logic in your tpl file. That's a big slap on the wrist. ;)

Here's the concept.

The menu router system that provides [user/%user_uid_optional] (you can find this in user.module) has an 'access callback'. This points to a function that determines whether the current user (gloabl $user) has access to this url.

So if you want to only allow a user's friends to view their profile, you need to override the current 'access callback' with your own. Here is how to do this:

1. In your own custom module, implement hook_menu_alter() in order to override the typical function that is called.

function my_custom_module_menu_alter(&$items) {
  $items['user/%user_uid_optional']['access callback'] = 'my_custom_module_user_view_access';
}

2. Implement this custom access callback.

/**
 * @param object account
 *   This is the current user's profile we're looking at.
 */
function my_custom_module_user_view_access($account) {
  global $user;

  // Do the normal check first.
  if (user_view_access($account)) {
    // Get the friends of the current user using the Flag Friend API.
    $users_friends = flag_friend_get_friends($user->uid);
  
    // If the owner of the profile is in the list of the current user's friends, then we allow access.
    return in_array($account->uid, $users_friends);
  }
  // Return FALSE if user_view_access() failed.
  return FALSE;
}

NOTE: code untested. Please test thoroughly before implementing on a production site.

miljats’s picture

miljats commented

I have created custom module "friendaccess" with "accessfriend.module" file. accessfriend.module contains this code:

<?php

function friendaccess_menu_alter(&$items) {
  $items['user/%user_uid_optional']['access callback'] = 'friendaccess_user_view_access';
}

rest of code:

function friendaccess_user_view_access($account) {
  global $user;

  // Do the normal check first.
  if (user_view_access($account)) {
    // Get the friends of the current user using the Flag Friend API.
    $users_friends = flag_friend_get_friends($user->uid);
 
    // If the owner of the profile is in the list of the current user's friends, then we allow access.
    return in_array($account->uid, $users_friends);
  }
  // Return FALSE if user_view_access() failed.
  return FALSE;
}

i have put at the end of theme template.php. (that is right place?)

Result is that I can not see any profile and on profile page stays warning:

warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'friendaccess_user_view_access' was given in /home...

Thanks anyway, sorry for bothering and stealing your time.

miljats’s picture

miljats commented
Status: Closed (fixed) » Needs work

Sorry for the opening of previously closed thread, but one solution came out after few days of research.
This piece of code embedded into custom user profile template seems to be working.
I would be grateful if someone could review and confirm the correctness of the code.

<?php
global $user;
global $flag;
    $flag = flag_get_flag('friend');
    if ((flag_friend_determine_friend_status($flag, $account->uid, $user->uid) == FLAG_FRIEND_FLAGGED) || (arg(0) == 'user' && $user->uid == arg(1) && is_numeric(arg(1)) || user_access('administer users') )) {
print $user_profile;
    }
else print "only friend access";
?>

Only the profile owner, profile owner's friends and the administrators have access to user profile.

sirkitree’s picture

sirkitree commented
Status: Needs work » Closed (won't fix)

Closing due to inactivity.