Usergroup validation: keep hidden (administrative) usergroups on update

Open StiftungMitarbeit opened this issue 9 months ago • 1 comments

I'm stuck on a special problem here: Users should be able to choose from a defined range of usergroups in order to assign themselves to their areas of interest. It should also be possible for users to change these usergroups when editing their profile.

However, we still want to assign users to different "administrative" usergroups in order to allow/restrict their access to certain page contents. These administrative usergroups should be kept when users edit their profile.

Example: usergroups A (uid 1), B (uid 2) and C (uid 3) define areas of interest. Usergroups X (uid 4), Y (uid 5) and Z (uid 6) define different access levels.

When setting

plugin.tx_femanager.settings.edit.usergroup {
    required = 1
    inList = 1,2,3
}

user-editable groups would be updated correctly, but administrative groups are lost on the update.

In our case, the two usergroup types differ by pid, so I was able to add these administrative usergroups to the Usergroup.html partial as hidden fields in order to have them submitted on update. BUT users shouldn't be able to add usergroups from that range by themselves.

After this, when setting

plugin.tx_femanager.settings.edit.usergroup {
    required = 1
    inList = 1,2,3,4,5,6
}

administrative usergroups would be kept, but users would be able to edit the HTML code and assign themselves to usergroups they shouldn't have.

But when setting

plugin.tx_femanager.settings.edit.usergroup {
    required = 1
    inList = 1,2,3
}

users would get an error message caused by the hidden fields with uids from outside that list.

Is there any way to get around that problem?

StiftungMitarbeit avatar Mar 14 '25 14:03 StiftungMitarbeit
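
One server-side way to handle the situation described above, as an added example that is not part of the original post and not femanager's own code: the submitted form values are checked against the self-service range only, and the administrative groups are taken from the stored record instead of from hidden fields. The function name `mergeUsergroups` and its parameters are hypothetical, and how to hook it into femanager's update process is an assumption left to the integrator.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not femanager code (hypothetical helper).
 * Computes the usergroup list to persist on a profile update so that
 * only self-service groups can be changed by the user.
 *
 * @param int[] $stored      group uids currently on the user record (trusted)
 * @param int[] $submitted   group uids sent by the edit form (untrusted)
 * @param int[] $selfService uids users may pick themselves (the inList range)
 * @return int[] uids to persist
 * @throws InvalidArgumentException if the form names a group outside $selfService
 */
function mergeUsergroups(array $stored, array $submitted, array $selfService): array
{
    $submitted = array_unique(array_map('intval', $submitted));

    // Anything outside the self-service range is rejected, no matter
    // whether it arrived through a visible or a hidden form field.
    $foreign = array_diff($submitted, $selfService);
    if ($foreign !== []) {
        throw new InvalidArgumentException(
            'Usergroup not selectable: ' . implode(',', $foreign)
        );
    }

    // Administrative groups are the stored groups that are not self-service.
    // They come from the database, never from the request.
    $administrative = array_diff(array_map('intval', $stored), $selfService);

    $result = array_unique(array_merge($submitted, $administrative));
    sort($result);
    return $result;
}

// Constructed sample data using the uids from the post's example.
$selfService = [1, 2, 3];   // A, B, C
$stored      = [1, 4, 6];   // interest A, access levels X and Z

// Regular edit: the user switches interests from A to B and C.
echo implode(',', mergeUsergroups($stored, [2, 3], $selfService)), PHP_EOL;

// Edited form that also submits access level Y (uid 5).
try {
    mergeUsergroups($stored, [2, 5], $selfService);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

With this split, `inList = 1,2,3` can stay as it is and the hidden fields for uids 4 to 6 are no longer needed in the partial.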