Restrictions on child posting

This support ticket is created Il y a 5 années et 11 mois. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

No supporters are available to work today on Toolset forum. Feel free to create tickets and we will handle it as soon as we are online. Thank you for your understanding.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	-
-	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	-

Supporter timezone: Asia/Hong_Kong (GMT+08:00)

Marqué : Access plugin, Controlling access to front-end content, Forms with post relationships, Toolset Forms

This topic contains 4 réponses, has 2 voix.

Last updated by atsushiK Il y a 5 années et 11 mois.

Assisted by: Luo Yang.

Auteur

Publications

mai 14, 2018 at 9:57 am #882878

atsushiK

I am trying to:

I use a CRED form to create a site that allows external users to subscribe to members and create unique projects.

From the My Account page, I made it so that members who are child postings included in each user's project can be registered.

Projects are user specific, members can only register the project owner, others can not register as a member.

However, when submitting a child, I noticed that just by changing the parent id of url, I can register members of other projects.

I do not want to register members except project owners. I am looking for ways to check parent's ownership when submitting a child.

Is there any way?

mai 15, 2018 at 2:39 am #886386

Luo Yang

Hello,

I suggest you try these:
1) Create a view list "Projects" posts, filter by post author is the specific users(current login user)
https://toolset.com/documentation/user-guides/filtering-views-query-by-author/

in the view's loop section, display a link for creating child post, so when user click the link, it will pass URL parameter to target page and CRED form, he will see below CRED form with parent selector, which is setup with default value by the URL parameter.

2) In the CRED form for creating "child postings", and you can use CSS codes to hide the parent selector.

mai 15, 2018 at 10:31 am #888109

atsushiK

I will go to the child's post from the loop section created by view. Change the parent ID of that child submission page in the URL column.

You can register as a member to a project that I do not own.

I do not do it with normal operation, but I am worried that a malicious person came to my site. Please tell me something good.

mai 16, 2018 at 1:14 am #891179

Luo Yang

Above solution works in the client side, You can validate the user's input in server side too, for example when user submits the CRED form, you can use CRED filter hook "cred_form_validate" to trigger a PHP function, in this function check if the user is submitting the correct data:
check parent's ownership

See our document:
https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate
This hook provides custom validation for form fields

mai 16, 2018 at 10:23 am #891890

atsushiK

I succeeded in the way I was taught. Thank you for your advise!

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.