ponzu-cms / ponzu

Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.
https://docs.ponzu-cms.org
BSD 3-Clause "New" or "Revised" License

Access Control: limit author can only edit his own book #297

Closed xu4wang closed 4 years ago

xu4wang commented 5 years ago

Dear Ponzu User,

I want to add some access control to ponzu but I'm new here and want your advice on how to do it.

For example, there are two types in Ponzu: Author and Book, and each book has an author. Each author has one account for the Ponzu admin page.

I want the author to be able to add new books only for himself, and to edit only the details of his own books.

How should I do that? Please give me some hints.

BR, Austin

nilslice commented 5 years ago

You'll probably want to look into the hooks provided by Ponzu: https://docs.ponzu-cms.org/Interfaces/Item/#itemhookable

For example, the BeforeAdminCreate and BeforeAdminSave hooks will give you a handle to the current *http.Request, and with it you can check the admin credentials, which are stored in a cookie. There is a helper function to check if the current request is being made by an Admin, but it will only help you check if the request is authenticated, not who the user is.

There is a cookie stored on these requests with the name _token. This cookie value is a JWT, with a "user" param in the claims. The "user" param has the email address of the signed-in admin user, which you could use to do the check.

Hope this helps!
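One way to wire up the check nilslice describes, as an added example that is not part of the original thread or of Ponzu's own code. It reads the _token cookie from the hook's *http.Request, verifies the JWT signature before trusting it, pulls the "user" claim (the signed-in admin's email) and compares it with the author email submitted in the admin form. Assumptions not stated on the page: the token is HS256-signed and the hook has access to the signing key (Ponzu keeps its key in its database, and fetching it is not shown); the Book content type, its author_email form key and the `(http.ResponseWriter, *http.Request) error` hook signature are taken as given here and should be checked against the Hookable docs linked above; mintToken and requestWithToken exist only so the example runs offline.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"net/url"
	"strings"
)

// Constructed example key; Ponzu keeps its real signing key in its database.
var signingSecret = []byte("example-key-do-not-use")

var ErrNotOwner = errors.New("book does not belong to the signed-in author")
var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

func hs256(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// mintToken builds an HS256 JWT with a "user" claim so the example runs
// offline; in a deployment Ponzu issues the _token cookie itself.
func mintToken(email string, secret []byte) string {
	head := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(map[string]string{"user": email})
	signingInput := head + "." + b64.EncodeToString(body)
	return signingInput + "." + b64.EncodeToString(hs256(secret, signingInput))
}

// userFromToken verifies the signature before trusting the "user" claim;
// decoding the payload unverified would let anyone claim to be any author.
func userFromToken(token string, secret []byte) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	hb, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return "", errors.New("bad header or unexpected alg") // pins HS256, rejects alg=none
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(secret, parts[0]+"."+parts[1])) {
		return "", errors.New("bad signature")
	}
	var claims struct{ User string `json:"user"` }
	pb, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &claims) != nil || claims.User == "" {
		return "", errors.New("missing user claim")
	}
	return claims.User, nil
}

// signedInAdmin returns the email carried by the verified _token cookie.
func signedInAdmin(req *http.Request, secret []byte) (string, error) {
	c, err := req.Cookie("_token")
	if err != nil {
		return "", errors.New("not signed in: no _token cookie")
	}
	return userFromToken(c.Value, secret)
}

// checkBookOwner compares the signed-in admin with the author email posted in
// the admin form. The form key "author_email" is an assumed Book field tag.
func checkBookOwner(req *http.Request, secret []byte) error {
	admin, err := signedInAdmin(req, secret)
	if err != nil {
		return err
	}
	if !strings.EqualFold(admin, req.FormValue("author_email")) {
		return ErrNotOwner
	}
	return nil
}

// Book is a hypothetical content type. A non-nil error from a Before* hook
// makes Ponzu abort the operation; wire the same check into the update hook.
type Book struct {
	AuthorEmail string `json:"author_email"`
}

func (b *Book) BeforeAdminCreate(_ http.ResponseWriter, req *http.Request) error {
	return checkBookOwner(req, signingSecret)
}

// requestWithToken constructs the admin form POST used to exercise the hook.
func requestWithToken(token, authorEmail string) *http.Request {
	form := url.Values{"author_email": {authorEmail}}
	req, _ := http.NewRequest(http.MethodPost, "/admin/edit", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.AddCookie(&http.Cookie{Name: "_token", Value: token})
	return req
}
```

Two caveats a practitioner would want. First, the submitted author_email is attacker-controlled: on update, an author could post their own email against someone else's book and pass this check while re-assigning ownership, so the update hook should also load the stored item and compare its current author with the signed-in admin. Second, these admin hooks gate only the admin UI; any other path that can write a Book needs the same check. Verifying the signature with a pinned algorithm matters because the hook only sees a cookie value, and a check that merely base64-decodes the middle segment would accept a hand-crafted token.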

olliephillips commented 4 years ago

Closing this one. Feel free to reopen if needed.