Locking down a user profile in your theme using a custom attribute

It is assumed you have worked with themes or single_pages and know how to override stock files by placing them into your single_pages or theme directory. It is assumed that you have enabled public profiles and kept them open to the public.

1) First grab concrete/single_pages/members.php and concrete/single_pages/profile/* if you haven't already. If you are doing this in your theme, place all the files in your theme's root, but take care not to copy profile/view.php over your existing view.php. Instead, name it profile.php.
2) If you are theming, doctor up the files with your header/footer info.
3) If you are theming, update your config/site_theme_paths.php for the paths /members, /profile, /profile/edit, /profile/avatar, /profile/messages, /profile/friends.
4) Create the user attribute: 'profile_display_in_public'.
5) Update the users who want to display their profile.
6) Edit your profile.php and wrap the following code around the <div id="ccm-profile-wrapper"> section.

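// $ui is the user whose profile is being viewed; $u is the current visitor.
$ui = UserInfo::getByID($profile->getUserID());
$u = new User();
// Show the profile if its owner opted in, or if the visitor is the
// super user or a member of the Administrators group.
if ($ui->getAttribute('profile_display_in_public') == 1 ||
    $u->isSuperUser() || $u->inGroup(Group::getByName('Administrators'))) {
    // ccm-profile-wrapper section
} else {
    // display error message, grab it from page_forbidden.php to make it pretty
}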


7) Edit your members.php and wrap the following code around the <div class="ccm-profile-member"> section.

// $u is the current visitor; it must be defined before the check below.
$u = new User();
// $ui is the member being listed.
$ui = UserInfo::getByID($user->getUserID());
if ($ui->getAttribute('profile_display_in_public') == 1 ||
    $u->isSuperUser() || $u->inGroup(Group::getByName('Administrators'))) {
    // ccm-profile-member section
}


Now log out and test it. Click on Members. You shouldn't see the admin user, but you should see users with the attribute checked. Now try to navigate to index.php/profile/view/1/, which is the super user, and you should see the error page, or nothing at all if you opted out of providing an error.

The test passes if any of the following is true:
1) the profile user has the attribute checked
2) the visitor is in the Administrators group
3) the visitor is the super user

I think that is everything I did to make this work. If I missed something, I'll update this post.

Nirgali
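
The three conditions listed above can be kept in one shared function so profile.php and members.php cannot drift apart. This is an added example, not part of the original post or of concrete5 itself; the function name profile_is_visible_to() and where you load it from are assumptions. It denies access when the profile record or the Administrators group cannot be loaded.

```php
<?php
// Added example (hypothetical helper, not concrete5 core code).
// Returns true when $viewer may see the profile of $profileUser.
// Fails closed: a missing object or group means the profile stays hidden.
function profile_is_visible_to($profileUser, $viewer, $adminGroupName = 'Administrators')
{
    // No profile record was loaded: nothing to show.
    if (!is_object($profileUser)) {
        return false;
    }

    // 1) The profile owner opted in through the custom attribute.
    //    The cast accepts true, 1 and "1" and treats everything else as off.
    if ((int) $profileUser->getAttribute('profile_display_in_public') === 1) {
        return true;
    }

    // Anonymous visitors only ever see opted-in profiles.
    if (!is_object($viewer) || !$viewer->isRegistered()) {
        return false;
    }

    // 2) The visitor is the super user.
    if ($viewer->isSuperUser()) {
        return true;
    }

    // 3) The visitor is in the Administrators group. If the group was
    //    renamed or deleted, getByName() returns nothing and we deny.
    $group = Group::getByName($adminGroupName);
    return is_object($group) && $viewer->inGroup($group);
}

// Usage in profile.php:
//   $ui = UserInfo::getByID($profile->getUserID());
//   if (profile_is_visible_to($ui, new User())) { /* ccm-profile-wrapper section */ }
//   else { /* error message */ }
//
// Usage in members.php, inside the member loop:
//   if (profile_is_visible_to(UserInfo::getByID($user->getUserID()), $u)) {
//       /* ccm-profile-member section */
//   }
```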