The code below should be placed in the filter_functions.php
file in overrides per the JReviews Hooks documentation.
This is meant to be a starting point, not a full-proof solution as JReviews itself doesn't have functionality to limit visibility of user generated content.
// Listing list pages
// https://www.jreviews.com/docs/hooks/pre_get_listings_listpage_query
// https://www.jreviews.com/docs/hooks/pre_get_listings_listings_module_query
function limit_listing_list_visibility_to_owners_and_admins($ListingsRepository, $params)
{
$user = S2App::make('auth');
if ($user->admin) {
return $ListingsRepository;
}
$model = $ListingsRepository->getModel();
// Only shows listings created by the current logged in user, or none for guests
$ListingsRepository->where('Listing.'.$model::_LISTING_USER_ID. ' = '. $user->id);
return $ListingsRepository;
}
Clickfwd\Hook\Filter::add('pre_get_listings_listpage_query', 'limit_listing_list_visibility_to_owners_and_admins', 10);
Clickfwd\Hook\Filter::add('pre_get_listings_listings_module_query', 'limit_listing_list_visibility_to_owners_and_admins', 10);
// Listing detail page
// https://www.jreviews.com/docs/hooks/render#restrict-listing-detail-visibility-to-owner-and-certain-groups
function limit_listing_visibility_to_owners_and_admins($output, $params)
{
$user = S2App::make('auth');
$listing = $params['viewVars']['listing'];
// Only shows listing detail to listing owner and admins
if ($user->matchesUserId($listing['User']['user_id']) || $user->admin) {
return $output;
}
// What you do here is up to you
return "You don't have authorization to view this page.";
};
Clickfwd\Hook\Filter::add('render_com_content_com_content_view', 'limit_listing_visibility_to_owners_and_admins', 10);
Clickfwd\Hook\Filter::add('render_listings_detail', 'limit_listing_visibility_to_owners_and_admins', 10);
// https://www.jreviews.com/docs/hooks/render
Clickfwd\Hook\Filter::add('render', function($output, $params, $instance)
{
$user = S2App::make('auth');
if ($user->admin) {
return $output;
}
// Block access to all of the following routes for non-admin users
if (in_array($params['route'], [
'reviews.latest',
'reviews.latest_user',
'reviews.latest_editor',
'reviews_search.results',
'media.mediaList',
'media.photoGallery',
'media.videoGallery',
'reviews.myreviews',
'discussions.latest',
'discussions.review',
])) {
// What you do here is up to you
return "You don't have authorization to view this page.";
}
return $output;
});