User Relationships and User Access Control
User Relationships works well to control node access to content per an approved user list.
But the problem I am running into is that I would like to also use the core Profile module, and allow those who are connected via User Relationships to see each others user profiles. I have spent 2 hours trying to figure out a way to not allow a user to spoof the URL and see any user account (Access User Profiles permission is required to see user profiles currently).
I thought of a couple solutions to fix this. What I want to do is serve a 403 page if the URL is spoofed and the requesting开发者_Go百科 user has no access.
Here is what I was thinking:
- Disable Access User Profile permission
- Call hook_menu_alter or hook_menu_link_alter in a custom module
- Change access callback to a custom function, check for user relationship
- If no relationship exists serve a 403, otherwise return user_view
I wanted to get some thoughts on this, because I want this check to happen on the user profile page. hook_init() seemed too beefy.
Would this be an effective solution? Thoughts? Or is there a module that will allow me to do this quickly?
All you need: CCK Private Fields + Content Profile
精彩评论