Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Advice, please! Custom Pages and role-based content (community calendar)

I would appreciate any advice that can be given relating to displaying custom content based on user roles with regards to Custom Pages.

My project:
I am in the process of implementing an event calendar for my community within Vanilla. I cannot use a Google Calendar for a variety of reasons, the most critical of which is privacy. Thus, I need to ensure the calendar is hidden behind Vanilla's authentication scheme. My implementation currently uses the Private Community plugin.

I have created a MySQL database to hold event data and render it to screen with Adam Shaw's FullCalendar JQuery plugin (because it's awesome) with some/a whole lot of cribbing from Niels' work. Here's the hard part for me:

A subset of my user base will need to be able to add/edit/delete events on the calendar, and I plan to do this via a PHP and/or AJAX-y management form. Alternatively, I'd like to allow or disallow access to FullCalendar's event drag-and-drop and editing functions using Vanilla's roles. Unfortunately I think this is beyond my current abilities and knowledge. For the time being I need to:

1. Render a link in the Panel that causes the calendar to appear in the Content area, visible to all authenticated users (alternatively, this link could appear in the nav)
2. Show the calendar and event management form on the same page
3. Hide or display the management page (or functions) from users based on Vanilla roles

My thought is that I need to create a Custom Page for the calendar and subsequently render FullCalendar on that page. If I employ the separate event management form to alter the calendar I will need some way to wrap it in a tag that displays only when viewed by permitted roles (a la what Pockets enables). Alternatively, I'd need something like this (from event.php in Niels' Fcalendar implementation of FullCalendar):
/* something like if...user role = x allow, else disallow and throw Exception "you don't have permission, jack!" */ $query = "INSERT INTO event (title,start,end,allDay) VALUES ('" . $title . "','" . $start . "','" . $end . "','" . $allDay . "')"; $result = mysql_query ( $query, $this->database->getHandle () ); if ($result == FALSE) { throw new Exception ( 'error in sql=' . $query ); } $query = 'select id from event where title=\'' . $title . '\' and start=\'' . $start . '\' and end=\'' . $end . '\' and allDay=\'' . $allDay . '\''; $returner = Database::selectQuery ( $query, $this->database ); if (count ( $returner ) == 0) { throw new Exception ( 'create(): no id found for title=' . $title . ' start=' . $start . ' end=' . $end . ' allDay=' . $allDay );

Can anyone offer some direction? It'd be much appreciated.


Sign In or Register to comment.