Hi folks
I am really confused with USER content type.
Menu Structure:
- Member
- Profile
- Form
- Profile
- Admin
- Profiles
- Form
- Profiles
So.... for the Member/Profile/Form part....
- I want a user to be able to edit their user data i.e. phone number etc...
- I want ONLY admins to be able edit any user data i.e. blocked etc...
- I do NOT want members to be able to alter any other user.
- Currently, only admins create users profiles.
- So "created_by" is always ADMIN
- So "edit_own" does not come in to effect here
Currently, if a (devious) member changes the id in the url, they can manipulate another users data i.e
- "/profile/profile-form/form/user?id=441&return=..."
I am struggling to have it so that the user can NOT edit any other users data.
If I use SEBLOD Break, it just breaks no matter what I do i.e.
Field 1
- Name: user_id
Field 2
- Name: seblod_break_user
- Restriction: Fields
- Field Name / Value(s): user_id
- is Equal/In: User -> id
- If I change from Value to Form, or Invert -> Yes to Invert -> No, always same result: BREAK.
So after all that, how do you have a user form where the user can only edit where the user_id matches THEIR id?
One of the content type permission is "Edit Own": isn't what you are looking for?
cheers
Hi Guise
Actually it was, I had it in my head that edit_own was based on created by, but that is for articles.
What a knob!
.... continuing on...
So having it so that a user can only edit their own profile is good now.
However, as a front end admin, I am unable to get it so that admins can still edit any profile....
Access for the Content type is set so that the admin can edit.
2 buttons in the view
- Edit Button for members to edit their own profile (links to menu item "Member/Profile/Form on front end)
- Edit Button for admins to edit any profile (links to a menu item "Admin/Profiles/Form on front end)
...but no joy.
It is clear to me that Permissions are a weak spot for me,
With edit permission for admin it should work.