Admin-only fields and plugin code

3 posts by 2 authors in: Forums > CMS Builder
Last Post: April 8, 2013

By gregThomas - April 8, 2013

Hi pgplast,

If a user does not have admin rights to view a field, it is completely removed from the record editing page, and so nothing is created for it in the request array. If we hid the field, a user could still edit the contents of the hidden field using the browser (for example, using the Chrome console).

If the user doesn't have access to the field you could retrieve its value from the database using the mysql_get function:

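  // Import the current user so the plugin can check for admin rights
  global $CURRENT_USER;

  if (@$CURRENT_USER['isAdmin']) {
    // Admins have the field in their edit form, so it is in the request
    $staller = $_REQUEST['staller'];
  } else {
    // Non-admins never receive the field, so load the saved value from the database
    $tempRecord = mysql_get($_REQUEST['menu'], $_REQUEST['num']);
    $staller = $tempRecord['staller'];
  }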

This is just example code, so you might have to make a few changes to get it working with your plugin.

So the global $CURRENT_USER is imported into the plugin so that we can check if the user is an administrator. If the current user is an administrator, then we can get the staller value from the request array. Otherwise, it has to be retrieved from the database using the mysql_get function.

Let me know if you have any questions.

Thanks!

Greg

Greg Thomas
PHP Programmer - interactivetools.com
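
The server-side check described in the post above, generalized to a list of admin-only fields and extended to report fields a non-admin submitted anyway. This is an added example, not part of the original posts and not CMS Builder's own code. The function name, the `$storedRecord` array (standing in for the row a database lookup would return) and the sample data are assumptions.

```php
<?php
// Added example: resolve admin-only field values on the server, never from a non-admin's request.
// resolveAdminOnlyFields() is a hypothetical helper; $storedRecord is constructed sample data
// standing in for the record loaded from the database.

/**
 * Returns [effective values, admin-only fields a non-admin tried to submit].
 */
function resolveAdminOnlyFields(array $request, array $storedRecord, array $adminOnlyFields, bool $isAdmin): array {
  $values   = [];
  $tampered = [];

  foreach ($adminOnlyFields as $field) {
    if ($isAdmin) {
      // Admins have the field in their form; keep the stored value if it was not submitted.
      $values[$field] = array_key_exists($field, $request)
        ? $request[$field]
        : ($storedRecord[$field] ?? null);
      continue;
    }

    // The field is removed from a non-admin's form, so a submitted value was added by hand.
    if (array_key_exists($field, $request)) {
      $tampered[] = $field;
    }

    // Always keep the value already saved for this record.
    $values[$field] = $storedRecord[$field] ?? null;
  }

  return [$values, $tampered];
}

// Constructed sample input: a non-admin request that carries an admin-only field.
$adminOnlyFields = ['staller'];
$storedRecord    = ['num' => 12, 'title' => 'Example', 'staller' => 'original value'];
$request         = ['num' => '12', 'title' => 'Edited', 'staller' => 'injected value'];

[$values, $tampered] = resolveAdminOnlyFields($request, $storedRecord, $adminOnlyFields, false);

echo "staller to save: {$values['staller']}\n";
if ($tampered) {
  // In a real plugin this would go to whatever audit log the site uses.
  echo "non-admin submitted admin-only field(s): " . implode(', ', $tampered) . "\n";
}
```
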

By pgplast - April 8, 2013

Thanks, Greg.

Much appreciated!