Use the Read Permission / $_GET doesn't work

Hello,
I will write an extra permission to allow access only if the user is the creator of the collection item or is on the access list. In my test I use the $_GET variable to apply the different settings for the filter, but it doesn't work. If I check the parameter with var_dump it works; only the if doesn't work. Do you have any ideas, or a better way to restrict access to the creators of the collection item or the users on the access list for this item?

Thanks for your help.

I don’t really use these permissions (they are confusing). I didn’t test that code, but this basic concept might work…

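// allow the creator, or any user listed in the entry's account array
// (?? [] keeps in_array() from failing when the field is not set)
if ($entry['_by'] == $context->user['_id']
   || in_array($context->user['_id'], $entry['custom_account_array'] ?? [])) {
    // set filter
}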

I would use the collections.find.before event

Can you explain how I can use the collections.find.before event?

Wait, I see this is not a backend event. I will use this in the backend to only show an entry for editing to a specific person and the creator of the entry.

I will define the persons in the entries.

I tried to reproduce your setup and created a test collection with two fields:

  • title (text) → no extra permissions
  • acc (access list) → permission: group “admin”

The group “test” has permission to view/edit/create/delete entries and I added this snippet to the read permission field.

<?php

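// non-admins who are neither the creator nor in the "acc" list
// (?? [] keeps in_array() from failing when "acc" is not set)
if ($context->user['group'] != 'admin'
    && !($entry['_by'] == $context->user['_id']
       || in_array($context->user['_id'], $entry['acc'] ?? []))
    ) {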

    $context->options['filter']['_by'] = $context->user['_id'];

}

I wrote some permissions in the past. Maybe they are helpful for inspiration:

I disabled the read permission from above and added this snippet to /config/bootstrap.php

// restrict entries to owner if not in group "admin" or "test"
$app->on('collections.find.before', function($name, &$options) {

    $user = $this->module('cockpit')->getUser();

    if (!in_array($user['group'], ['admin', 'test'])) {
        $options['filter']['_by'] = $user['_id'];
    }

});

This should fit your setup:

// if not admin: filter by user id (creator or in access-list field)
// tested with SQLite
// entries have a field "acc" of type "access-list"
$app->on('collections.find.before', function($name, &$options) {

    $user = $this->module('cockpit')->getUser();

    if ($user['group'] != 'admin') {

        $options['filter']['$or'] = [
            ['_by' => $user['_id']],
            ['acc' => ['$in' => [$user['_id']]]]
        ];

    }

});
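
An added example, not part of the thread and not Cockpit's own code: the same owner-or-access-list rule written as a hypothetical helper, `restrictToOwnerOrAcl()`, that ANDs the rule with whatever filter the request already carries instead of assigning `$options['filter']['$or']` directly, and that fails closed when no user is resolved. It assumes the filter is an array, that the storage driver accepts `$and` and an empty `$in` list the way MongoDB does, and that the access list is stored in the field `acc` as above.

```php
<?php
// Hypothetical helper (added example): builds the restricted find options.
function restrictToOwnerOrAcl(array $options, $user, string $accField = 'acc'): array
{
    $hasUser = is_array($user) && !empty($user['_id']);

    // Admins keep the unrestricted view, as in the thread's snippet.
    if ($hasUser && ($user['group'] ?? null) === 'admin') {
        return $options;
    }

    if ($hasUser) {
        // Creator of the entry, or listed in the access-list field.
        $acl = ['$or' => [
            ['_by' => $user['_id']],
            [$accField => ['$in' => [$user['_id']]]],
        ]];
    } else {
        // No resolved user: fail closed. Assumption: an empty $in list
        // matches no document, as it does in MongoDB.
        $acl = ['_id' => ['$in' => []]];
    }

    // AND the rule with the caller's filter so an existing '$or' key is
    // kept as a further restriction rather than being overwritten.
    $existing = $options['filter'] ?? [];
    $options['filter'] = $existing ? ['$and' => [$existing, $acl]] : $acl;

    return $options;
}

// Wiring in /config/bootstrap.php, using only the calls shown in the thread:
// $app->on('collections.find.before', function($name, &$options) {
//     $options = restrictToOwnerOrAcl($options, $this->module('cockpit')->getUser());
// });

// Constructed request whose filter already contains its own '$or'.
$options = ['filter' => ['$or' => [['title' => 'a'], ['title' => 'b']]]];
$user    = ['_id' => 'u42', 'group' => 'test']; // constructed sample user

print_r(restrictToOwnerOrAcl($options, $user)['filter']); // client filter AND rule
print_r(restrictToOwnerOrAcl($options, null)['filter']);  // no user: matches nothing
```

The handler in the thread applies to every collection; checking `$name` before calling the helper limits the rule to the collections that actually have the access-list field.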

Thanks @raffaelj for the answer, it helps me a lot to find the correct information for me :slight_smile: