I’ve looked over the docs for this, but can’t seem to find a way of doing it.
The current setup:
I have a dynamic page that contains dynamic data (view.php?id=[id]) that a user can submit. The data here is fetched from a database, and only shows data matching the query params.
In the said query, is a user ID of the person who created the entry in the database originally.
The problem:
Right now, anyone can go to view.php?id=[id]. I would like to make it so the only people that can access an ID is the person that originally submitted the data, by matching their current ID to the one from the query, and anyone with a bypass permission (An admin group, which is already in use on other pages).
How would I go about doing this? I can use the Security Provider Enforcer to enforce groups, but not single users and a group by the looks of it.
Last updated: