Mikael Johansson
|
Monday 11 July 2005 9:55:39 am
I'll give you an example just to get started: I have User groups with some extened attributes (Group phone number, group emiail, etc) and these groups contain users. I want my group administrator, who has edit rights on one of the groups, to be able to remove users from this group. The administrator does not (can not) have edit rights on the users. This is what I have done so far, but I think I have complicated stuff by doing it all in template programming.
{* removelocation.tpl
/*
*
* Input: nodeID of the location to delete as eZpublish template variable
* Output: Success or failure of removing the node
* Result: Node is removed.
*
* written by Mikael Johansson, mjo[at]chs.chalmers.se July 2005
*/
*}
{* Check permissions *}
{* 1. Current user.contentobject_id == thenode.contentobject_id
2. Current user has admin rights on thenode.
*}
{def $permsOK = false}
{def $chscurruser = fetch( 'user', 'current_user' )}
{def $thenode = fetch('content', 'node', hash('node_id', $nodeID))}
{if eq($chscurruser.contentobject_id, $thenode.contentobject_id)}
user is trying to remove itself from the group. That's ok
{set $permsOK = true}
{/if}
{if $thenode.parent.can_edit}
<div> user is admin for the group. Permissions ok </div>
{set $permsOK = true}
{/if}
{if eq($permsOK, false)}
<div>Insufficient access rights.</div>
{else}
<div>Perms ok, removing...</div>
// CODE HERE FOR REMOVING THE NODE
}
{/if}
Mikael Johansson, Sweden
|