#7251
zunk
Participant

Hi Vladimir,
I’ve a question regarding security of this hook.

I’m building a member access website in order to share some deliveries of my company to my customers within Posts.
The aim is that only the customer attached to the delivery can read/access/view the post I’ve made for him.
So, I’m able to provide the post ID of deliveries, for any role (customer).
With your hooks, I’m able to make readable the Post I want for a dedicated role. Everything is already stored in a DB, so I call it easly and It works.
using this setting:
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
The “problem” with this approach is that I need first to allow “All user login” to view these Posts. To be securized, I also need to define this hook for every Role: in the other case the role (for which I dont define this setting) could have access to all posts.
So it works with a dynamic “$role_id” (related to the current user) checking at the begin of this hook.

But I wonder if my approach is good for security or if you recommand me another way?
thanks