
@jreviews
Created October 20, 2021 12:19
Restrict page access to admins and listing owners

The code below should be placed in the filter_functions.php file in overrides per the JReviews Hooks documentation.

This is meant to be a starting point, not a foolproof solution, as JReviews itself doesn't have functionality to limit the visibility of user-generated content.

// Listing list pages
// https://www.jreviews.com/docs/hooks/pre_get_listings_listpage_query
// https://www.jreviews.com/docs/hooks/pre_get_listings_listings_module_query

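/**
 * Narrows a listings query so that non-admin users only get their own listings.
 *
 * Admins receive the repository untouched. Logged-in users get a WHERE clause
 * on the listing owner column. Visitors without a positive user id get a clause
 * that can never match, so the list is empty for them.
 *
 * @param object $ListingsRepository Query object handed over by the hook; getModel() and where() are called on it.
 * @param mixed  $params             Hook parameters (not used here).
 *
 * @return object The same repository instance that was passed in.
 */
function limit_listing_list_visibility_to_owners_and_admins($ListingsRepository, $params)
{
	$user = S2App::make('auth');

	if ($user->admin) {
		return $ListingsRepository;
	}

	// The condition is assembled by string concatenation, so the id is forced to
	// an integer first; nothing but digits can end up in the SQL text.
	$userId = (int) $user->id;

	if ($userId <= 0) {
		// Fail closed for guests. Comparing the owner column with an empty or zero id
		// would either produce a broken clause or match every listing stored with
		// that owner id.
		// NOTE(review): assumes guests have an empty or zero id - confirm against the auth service.
		$ListingsRepository->where('1 = 0');

		return $ListingsRepository;
	}

	$model = $ListingsRepository->getModel();

	// Only listings created by the currently logged-in user.
	$ListingsRepository->where('Listing.' . $model::_LISTING_USER_ID . ' = ' . $userId);

	return $ListingsRepository;
}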

// Attach the owner/admin query filter to both listing queries named in the docs
// links above: the list pages and the listings module. The restriction only
// applies to queries whose hook it is registered on.
foreach (['pre_get_listings_listpage_query', 'pre_get_listings_listings_module_query'] as $listingQueryHook) {
	Clickfwd\Hook\Filter::add($listingQueryHook, 'limit_listing_list_visibility_to_owners_and_admins', 10);
}
unset($listingQueryHook);

// Listing detail page
// https://www.jreviews.com/docs/hooks/render#restrict-listing-detail-visibility-to-owner-and-certain-groups
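/**
 * Shows the rendered listing detail page only to admins and to the listing owner.
 *
 * Everyone else gets a short denial message instead of the page output. When
 * the view variables carry no listing owner id, access is denied as well.
 *
 * @param string $output Rendered page output passed in by the hook.
 * @param array  $params Hook parameters; the owner id is read from
 *                       $params['viewVars']['listing']['User']['user_id'].
 *
 * @return string The original output, or the denial message.
 */
function limit_listing_visibility_to_owners_and_admins($output, $params)
{
	$user = S2App::make('auth');

	// Admins never depend on the listing data being present.
	if ($user->admin) {
		return $output;
	}

	// Fail closed when the listing or its owner id is missing, instead of raising
	// PHP notices and handing null to the ownership check.
	$ownerId = isset($params['viewVars']['listing']['User']['user_id'])
		? $params['viewVars']['listing']['User']['user_id']
		: null;

	// NOTE(review): verify that matchesUserId() returns false for guests when the
	// listing itself has no real owner (for example an owner id of 0).
	if ($ownerId !== null && $user->matchesUserId($ownerId)) {
		return $output;
	}

	// What you do here is up to you
	return "You don't have authorization to view this page.";
}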

// Attach the detail-page guard to both render hooks used in the original snippet.
foreach (['render_com_content_com_content_view', 'render_listings_detail'] as $detailRenderHook) {
	Clickfwd\Hook\Filter::add($detailRenderHook, 'limit_listing_visibility_to_owners_and_admins', 10);
}
unset($detailRenderHook);

// https://www.jreviews.com/docs/hooks/render
Clickfwd\Hook\Filter::add('render', function ($output, $params, $instance) {
	// Routes whose output is replaced by a denial message for non-admin users.
	// This is a denylist: a route that is not listed here is still rendered for
	// everyone, so the list has to be kept in step with the routes the site exposes.
	$adminOnlyRoutes = [
		'reviews.latest',
		'reviews.latest_user',
		'reviews.latest_editor',
		'reviews_search.results',
		'media.mediaList',
		'media.photoGallery',
		'media.videoGallery',
		'reviews.myreviews',
		'discussions.latest',
		'discussions.review',
	];

	$viewer = S2App::make('auth');

	// The admin test comes first, so the route is only inspected for non-admins.
	$isBlocked = !$viewer->admin && in_array($params['route'], $adminOnlyRoutes);

	if ($isBlocked) {
		// What you do here is up to you
		return "You don't have authorization to view this page.";
	}

	return $output;
});