Preferred way to restrict access

Started by dalslandan, October 29, 2019, 02:59:09 AM

dalslandan

Afternoon.

I am wondering how one would go about blocking pages and forms efficiently in the code. Or only the latter one, since blocking pages isn't too hard but forms can be tricky.
I have seen mods implementing functionality to block pages, but what if I would like to manually block forms from within the code?

If I were to restrict access to pages in e.g. index.template.php (not fancy, I know) and match parts of the URL query:

if (isset($_GET['action']) && strcasecmp($_GET['action'], 'who') == 0 && $context['user']['can_mod'] == false) {
  header('HTTP/1.0 403 Forbidden');
  echo 'You are not allowed to view this page. - 403 Forbidden'; // Display some restricted message
  die();
}


Forms would still be evaluated to my understanding. (if the who is online page would have a form)
I have definitely not come around how the URL query is built and parsed throughout the source. Although I have seen a pattern towards parameters in the URL query string.

Arantor

You can't do it in index.template.php, the page logic has already run by then.

What are you trying to do that the existing permissions system can't do?
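The ordering problem described in the reply above, as an added example that is not part of the original posts and is not SMF code: a constructed front controller in which the action handler processes the submitted form before the template renders. All function names, the `can_email` flag and the sample request are assumptions made for illustration.

```php
<?php
// Constructed model of a front controller; none of these names are SMF's own.
// Order of operations: 1) the action handler runs and processes any submitted
// form, 2) the template renders. A check in step 2 cannot undo step 1.

$outbox = []; // stands in for the form's side effect (an e-mail being sent)

function handleEmailUser(array $user, array $post, bool $checkInHandler): void
{
    global $outbox;
    // Hardened variant: authorize before touching the submitted data.
    if ($checkInHandler && !$user['can_email']) {
        throw new RuntimeException('403 Forbidden');
    }
    if (isset($post['message'])) {
        $outbox[] = $post['message'];
    }
}

function renderTemplate(array $user, bool $checkInTemplate): string
{
    // Template-level variant: only the output is blocked here.
    if ($checkInTemplate && !$user['can_email']) {
        return '403 Forbidden';
    }
    return 'Your message has been sent.';
}

function dispatch(array $user, array $post, bool $inHandler, bool $inTemplate): string
{
    try {
        handleEmailUser($user, $post, $inHandler);
    } catch (RuntimeException $e) {
        return $e->getMessage();
    }
    return renderTemplate($user, $inTemplate);
}

$user = ['name' => 'guest', 'can_email' => false]; // constructed sample user
$post = ['message' => 'hello'];                    // constructed form submission

// Check only in the template: the response says 403, yet the form was processed.
$outbox = [];
echo dispatch($user, $post, false, true), ' / messages sent: ', count($outbox), "\n";

// Check in the handler: the request is rejected before any side effect.
$outbox = [];
echo dispatch($user, $post, true, false), ' / messages sent: ', count($outbox), "\n";
```

Both calls return the same 403 text to the user; only the second leaves the outbox empty, which is why the check belongs with the action logic (or in the permission system it consults) rather than in the theme.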

dalslandan

Quote from: Arantor on October 29, 2019, 03:11:18 AM
You can't do it in index.template.php, the page logic has already run by then.

What are you trying to do that the existing permissions system can't do?

Restrict access to certain forms for users.
What I was looking at now, was disabling the ability for users to send emails to other users with the built-in system.

/index.php?action=emailuser;sa=email


Edit: Found much of what I was looking for in SendTopic.php

Arantor

Even though that has an actual permission last I checked?

dalslandan

Quote from: Arantor on October 29, 2019, 03:59:57 AM
Even though that has an actual permission last I checked?

My bad, it appears to be perfectly so.
I have been bad at going through all the settings, especially the more in-depth general permissions for groups.

Very much valuable configuration appears to be present in there. Thank you.
