Display content on Group page only if Member
We use the Lithium Group feature for a few "private" boards. These make it easy for non-admins to manage the membership and decide who can see/contribute content in the discussion forum, but other elements on the Group page are visible to everyone. We don't want the additional overhead of controlling access to the page by using Roles -- which require more training and privileges to administer.
So I was trying to come up with some Freemarker code that can determine whether the Group page visitor is a Group Member, and display the group content only if that's the case. Groups are not a property of the user context object (unlike roles), so my approach is to iterate through the group members to see if there is a match for the current user -- and if so, display the content. If no match is found, display a DENIED message (friendly version, though).
The following code seems to work. I'm looking for validation: is this the proper approach? Any gotchas?
<#assign show_module = false/>
<#-- bypass for Admins -->
<#if user.ranking.id == 1>
<#assign show_module = true/>
</#if>
<#-- if the user is not anonymous -->
<#if !show_module && user.registered >
<#-- REST call to get the members -->
<#-- Check for membership - coreNode.id resolves to Group ID -->
<#list restadmin("/groups/id/${coreNode.id}/members").users.user as member>
<#if member.id?? && (member.id?number == user.id)>
<#assign show_module = true/>
<#break/>
</#if>
</#list>
</#if>
<#if show_module>
<#-- SHOW PRIVILEGED GROUP CONTENT HERE -->
<#else>
<div class="lia-quilt-column-main-content">You must be logged in and <b>be member of this group</b> to access this content.<p></div>
</#if>Thanks,
Chris
- cjdinger - Seems fine, did you run it?
