How isAuthorized with condition?

Need Help
1

Hello, by default I have that if you are not an administrator user can not access the edit page, the edit page, is passed as argument the user id, but I want that a user can access to edit your page, but not the others, now I have the function isAuthorized, this way:

public function isAuthorized($user) {   
 if((!isset($user['role'])) || ('' === $user['role'])) {
           return false;
         }
         else {
            if('edit' === $this->request->getParam('action')) {
              if('admin' === $user['role']) {
                return true;
              }
              elseif('user' === $user['role']) {
                return false;
              }
           }
           else {
             return true;
           }
      }
  }
}

But if the user matches your id you can edit. Something like that:

    if('edit/23' === $this->request->getParam('action'))
       if($user['id'] === 23} {
          return true;
       }
   }
2

Probably something along these lines:

if((!isset($user['role'])) || ('' === $user['role'])) {
    return false;
}
else {
    if('edit' === $this->request->getParam('action')) {
        //assuming getParam() works with dot notation
        if('admin' === $user['role'] || $user[$id] == $this->request->getParam('pass.0')) {
            return true;
        }
        elseif('user' === $user['role']) {
            return false;
        }
    }
    else {
        return true;
    }

For specifics, you’ll want to understand passed arguments in the request. This is for v4 and here

2 Likes
3

oohh thank you

pass.0 picks up the first parameter and you can compare it with the user thanks