Admin-only fields and plugin code

3 posts by 2 authors in: Forums > CMS Builder
Last Post: April 8, 2013   (RSS)

By pgplast - April 7, 2013

I am working a project for which I have written a series of plugins. After having tested the code for each, I later went on to set several fields referenced in the plugin code to "Admin-only" access.

Following this, my plugins return "undefined index" errors when they try to pull values from the fields, (e.g. $staller = $_REQUEST['staller'] returns an undefined index as though the field is not there).

I have gotten around this temporarily by hiding the fields by employing Chris' ShowHideFieldsForUsers, but am wondering if this is the behavior you designed. Can't we assign access privileges to a field in the backend but still reference those fields in our plugin code?

Thanks.

pgplast

By gregThomas - April 8, 2013

Hi pgplast,

If a user does not have admin rights to view a field it is completely removed from the record editing page, and so nothing is created for it in the request array. If we hid the field a user could still edit the contents of the hidden field using the browse (for example using the Chrome console). 

If the user doesn't have access to the field you could retrieve its value from the database using the mysql_get function:

  global $CURRENT_USER;

  if(@$CURRENT_USER['isAdmin']){
    $staller = $_REQUEST['staller'];
  }else{
    $tempRecord = mysql_get($_REQUEST['menu'],$_REQUEST['num']);
    $staller = $tempRecord['staller'];
  }

This is just example code, so you might have to make a few changes to get it working with your plugin.

So the global $CURRENT_USER is imported into the plugin so that we can check if the user is an administrator. If the current user is administrator then we can get the staller value from the request array. Otherwise it has to be retrieved from the database using the mysql_get function. 

Let me know if you have any questions.

Thanks!

Greg

Greg Thomas

PHP Programmer - interactivetools.com