Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • And one final edit, *something* changed when our WordPress install was upgraded to the latest. I'm not sure what (and I can't imagine this is what really broke us, but it was working the night before and confirmed by 3 testers), but we had to change the === to == for the comparison operator on the user->id to $lead['created_by'] comparison.

    (is_user_logged_in() && $current_user->id == $lead['created_by']) === true || //

    Just looking at this again, the code above will require editing of posts to be enabled, which was a requirement for our client. The snippet below may be more correct:

    // If either of these two things are false (creator of lead, or admin)
    if(!(

        // User is logged in and is the creator of the lead
        (is_user_logged_in() && $current_user->id === $lead['created_by']) === true || // OR

        // this person has administrator access
        (self::has_access("gravityforms_directory")) === true)
    ) {
        // Kick them out.
        _e(sprintf('%sYou do not have permission to view this form.%s', '<div class="error">', '</div>'), 'gravity-forms-addons');
        return;
    }

    We were able to work around this (at least for the viewing portion) by modifying the lead_detail function in the gravity-forms-addons.php file and reusing the logic from the edit_lead_detail function.

    The code now seems to handle the modification of the URL when viewing record details.

    We inserted the following code starting at line 564 (directly before the call to extract($options)). It essentially short circuits the generation of the detail screen and displays a notice to the user.

    // If either of these two things are false (creator of lead, or admin)
    if(!(

        // Users can edit their own listings, they are logged in, the current user is the creator of the lead
        (!empty($options['useredit']) && is_user_logged_in() && $current_user->id === $lead['created_by']) === true || // OR

        // Administrators can edit every listing, and this person has administrator access
        (!empty($options['adminedit']) && self::has_access("gravityforms_directory")) === true)
    ) {
        // Kick them out.
        _e(sprintf('%sYou do not have permission to view this form.%s', '<div class="error">', '</div>'), 'gravity-forms-addons');
        return;
    }
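
Added example, not part of the original posts or of the plugin's code: a stand-alone PHP sketch of the ownership check discussed above that normalises both IDs to integers and then compares strictly, so the result does not depend on whether an ID arrives as an int or a numeric string and no loose `==` is needed. The helper name `lead_owner_matches()` and the sample values are hypothetical, and the int-versus-string mismatch is an assumption about why `===` stopped matching.

```php
<?php
// Added example: plain PHP, no WordPress or plugin code required.
// lead_owner_matches() is a hypothetical helper, not a plugin function.

/**
 * Compare the current user's ID with a lead's created_by value.
 * Both sides are validated as positive integers first, so the strict
 * comparison still works when one side is an int and the other a
 * numeric string (assumed here to be the cause of the === mismatch).
 */
function lead_owner_matches($user_id, $created_by): bool
{
    $opts = ['options' => ['min_range' => 1]];

    // filter_var() returns false for null, '', '0', '5abc', arrays, etc.
    $uid   = filter_var($user_id, FILTER_VALIDATE_INT, $opts);
    $owner = filter_var($created_by, FILTER_VALIDATE_INT, $opts);

    if ($uid === false || $owner === false) {
        // Anonymous visitor, or a lead with no usable creator: deny.
        return false;
    }

    return $uid === $owner;
}

// Constructed sample values: [user id, created_by, label].
$cases = [
    [5,   '5',    'int vs numeric string, same user'],
    ['5', 5,      'numeric string vs int, same user'],
    [5,   '6',    'different user'],
    [0,   null,   'logged-out user, lead without creator'],
    [5,   '5abc', 'malformed created_by'],
];

// Print how ===, == and the normalised check treat each pair.
foreach ($cases as [$uid, $owner, $label]) {
    printf(
        "%-40s strict=%-5s loose=%-5s normalised=%s\n",
        $label,
        var_export($uid === $owner, true),
        var_export($uid == $owner, true),
        var_export(lead_owner_matches($uid, $owner), true)
    );
}
```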