set some usergroup as a blacklist in juser form plugin

samani

samani

Member
hi...
it is possible to define some group as a Whitelist in the option ribbon in the juser plugin.
is it possible to define some group as a blacklist that user can not register to that?can i use Condition for that?if yes,can you give me simple example code for define some group as blacklist...
thank you...
 
Nothing built it, but you could either do a validation on the element you use for the group, or a condition on juser.

What element type are you using for group selection?

-- hugh
 
i'm using usergroup element and disable editing for registered user to select one item and i know it have security problem.for this problem i want add some group to blacklist then hacker user can not insert each groupid.
 
OK, but I'm a little confused as to the difference between whitelist and blacklist. Group ids that aren't in the whitelist are, by definition, "blacklisted". There's no functional difference between specifying a list of ids they can use, versus a list of ids they can't.

Or are you saying you need to do this on a per-user basis, depending what group / access level they are in? So "teir 2" users can only set "teir 1", but "teir 3" users can set "twier 2" and "teir 1"?

If so, then yes, you'd need a PHP validation, that figures out what groups they can select ... something like ...

Code: 
$user = JFactory::getUser();
$levels = $user->getAuthorisedViewLevels();

// for example, if teir 3 is access level 100, teir 2 is 101
// and tweir 3 can add group ids 50, 51, 52,  and teir 2 can add group ids 51 and 52
if (in_array(100, $levels)) {
   // teir 3 admin, can use ...
   $allowedGroups = array(50, 51, 52);
}
else if (in_array(101, $levels)) {
   $allowedGroups = array(51, 52);
}
else {
   // either have another $allowedGroups here, or barf 'cos they don't seem to be an admin
   return false;
}

// get the intersect of $allowedGroups and the submitted groups ...
$intersect = array_intersect($allowedGroups, $formModel->formData['yourtable___usergroups']);

// if there are more entries in the submitted data than the intersect, then they selected a group they aren't allowed
if ($formModel->formData['yourtable___usergroups'] > count($intersect))
   return false;
}

return true;

-- hugh
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 127 (members: 6, guests: 121)
    Back
    Top