User Relationships works well to control node access to content per an approved user list.
But the problem I am running into is that I would like to also use the core Profile module, and allow those who are connected via User Relationships to see each others user profiles. I have spent 2 hours trying to figure out a way to not allow a user to spoof the URL and see any user account (Access User Profiles permission is required to see user profiles currently).
I thought of a couple solutions to fix this. What I want to do is serve a 403 page if the URL is spoofed and the requesting user has no access.
Here is what I was thinking:
I wanted to get some thoughts on this, because I want this check to happen on the user profile page. hook_init() seemed too beefy.
Would this be an effective solution? Thoughts? Or is there a module that will allow me to do this quickly?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.