| Re: Permissions... like News Module |
| by jmass on 2004/3/29 23:45:16 Because this is what the Forum says: ==================================== User Side Suppose that a user requests the contents of a category via the HTTP GET method. The variable $_GET['category_id'] will be used to identify the requested category. Specify the permission we are going to check for. This must be one of the permission names created on the admin side. $perm_name = 'Category Permission'; The unique id of an item to check permissions for. $perm_itemid = intval($_GET['category_id']); ==================================== I have seemed to make it work. I am not sure if I am doing it "by the book", but it seams to be working well. I am just confused by the Forum quoted above. JMass |
| Re: Permissions... like News Module |
| by Mithrandir on 2004/3/29 22:07:59 Why would you send the category_id with the request? You say that the user with permission 2 is granted access with a GET var of 2 - well... isn't that user supposed to have access? and are you sure it is because of the GET parameter? |
| Re: Permissions... like News Module |
| by jmass on 2004/3/29 21:44:03 I did as the thread said, but have a question: If the category_id is passed via get or post, can't the user just alter the var passed and gain access? I have just that experience. I have one user with the permission of 1 and another with the permission of 2. When I log in as the user with permission 2 and pass the 1 via GET to category_id I am denied. If I change the Get var to 2, I am granted access. Is this right? JMass |
| Re: Permissions... like News Module |
| by Mithrandir on 2004/3/29 20:08:02 If you start off as in the group permissions thread, you are half-way there |
| Re: Permissions... like News Module |
| by jmass on 2004/3/29 20:03:52 Makes sense... sort of ![]() I think I got your drift though. Like most things I am sure after it is done once I will say "Oh yeah.. that wasn't that hard) I will give it a try. Thanks, JMass |