Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Tagging Permissions
I'm trying to use Vanilla as sort of a catalog, and I'd like to restrict tagging to specific user-groups to ensure searching is accurate and streamlined. So I'd like to restrict general members from using tags, but allow other "staff" groups to insert and utilize them.
Any thoughts on this would help, thanks.
0
Best Answer
-
hbf MVP
Sebhael said:
I figured as much, but when I look at other examples it seems like they have specific permissions created for them. I couldn't manage to get it to work using "tagging manage" permissions, it just spit out "User Does Not Have Permission" errors.create a custom permission group and refer to it by name.
0
Answers
modify the view to only show the tagging field when a permissions check passes. There are examples of this type of code in many other plugins.
Vanilla Wiki, Tastes Great! 31,000 viewers can't be wrong. || Plugin Development Explained
I figured as much, but when I look at other examples it seems like they have specific permissions created for them. I couldn't manage to get it to work using "tagging manage" permissions, it just spit out "User Does Not Have Permission" errors.
create a custom permission group and refer to it by name.
Vanilla Wiki, Tastes Great! 31,000 viewers can't be wrong. || Plugin Development Explained
I got it by inserting
$Session = Gdn::Session(); if ( $Session->CheckPermission('Garden.Users.Edit') ) { // All of the "Add The Tag Input to the Discussion Form" Code of **class.tagging.plugin.php** (roughly line 369) }
Thread management will be a key part of any staff member's role, so I can just change that to Vanilla.Discussions.Edit and be alright.
Thanks for the insight.
NP. glad you got it working.
Vanilla Wiki, Tastes Great! 31,000 viewers can't be wrong. || Plugin Development Explained
securing only the display of the form means people could still get round this by drawing up their own post. You need to secure the submission of tags.
grep is your friend.