1

I would like to protect the viewing of an _entry.html page so that only a user related to that entry can view it.

GlennJ
  • 575
  • 3
  • 12

1 Answers1

2

You could loop through the users and compare them.

{% set authorized = false %}
{% for user in entry.authorizedUsers %}
    {% if user == currentUser %}
        {% set authorized = true %}
    {% endif %}
{% endfor %}

{% if not authorized %}
    {% redirect 403 %}
{% endif %}
Douglas McDonald
  • 13,457
  • 24
  • 57
  • Ahha! I didn't know about redirect tag, will give that a shot, thanks – GlennJ Jan 10 '15 at 23:39
  • Glad to help. Let me know if that first option works. I'm curious myself. Also, you can redirect anywhere with the redirect method (I just chose 403 as an example), or display alternate content if you like. You may also have to check if there is a currentUser at all, using {% if currentUser %}... {% endif %} – Douglas McDonald Jan 10 '15 at 23:52
  • Pretty sure Twig doesn't have an in_array. It does have an in, so you could do {% if not currentUser in entry.authorizedUsers %}, but I doubt that will work when comparing whole objects to each other. Would probably need to just do the comparison on authorId, but honestly your 2nd solution seems better. – Brad Bell Jan 11 '15 at 00:20
  • 1
    @Brad.... thanks. I was looking at a post on the twig stack exchange and misread it. As you say, still may not work. – Douglas McDonald Jan 11 '15 at 18:56