Hello,
i will write a extra Permission to have only access if the user is the Creator of the Collection Item or he is on the Accesslist. In my Test i use the $_GET Var to use the different Settings for the Filter. But its don’t work but if i ask for the Parameter with var_dump it’s work only the IF dont work. Have you any Ideas? or a better way to Access only Creators of the Collection Item or on the Access List for this item.
I wrote some permissions in the past. Maybe they are helpful for inspiration:
I disabled the read permission from above and added this snippet to /config/bootstrap.php
// restrict entries to owner if not in group "admin" or "test"
$app->on('collections.find.before', function($name, &$options) {
$user = $this->module('cockpit')->getUser();
if (!in_array($user['group'], ['admin', 'test'])) {
$options['filter']['_by'] = $user['_id'];
}
});
This should fit your setup:
// if not admin: filter by user id (creator or in acces-list field)
// testet with SQLite
// entries have a field "acc" of type "acces-list"
$app->on('collections.find.before', function($name, &$options) {
$user = $this->module('cockpit')->getUser();
if ($user['group'] != 'admin') {
$options['filter']['$or'] = [
['_by' => $user['_id']],
['acc' => ['$in' => [$user['_id']]]]
];
}
});