Reputation: 865
I have been adding event registrant features into my Apostrophe site. I created a new "leader" group, and if a user is part of that group, the event page should show a table with current registrant counts/basic information:
{% for reg in data.piece.registrants %}
{% set count = count + reg.attendeeCount %}
<tr>
<td>{{reg._user.firstName}} {{reg._user.lastName}}</td>
<td>{{reg.attendeeCount}}</td>
</tr>
{% endfor %}
<tr class="total-registrant-row">
<td>Total</td>
<td></td>
<td></td>
<td>{{count}}</td>
I have added a Registrants array to apostrophe-events, which itself contains a single join to a user:
addFields: [
{
name: 'registrants',
label: 'Registrants',
type: 'array',
schema: [
{
name: '_user',
withType: 'apostrophe-user',
type: 'joinByOne',
idField: 'userId',
filters: {
// Fetch only basic information to show in table:
projection: {
id: 1,
username: 1,
firstName: 1,
lastName: 1,
email: 1
}
}
},
{
name: 'registrationDate',
label: 'Registration Date',
contextual: true,
type: 'string'
},
{
name: 'attendeeCount',
label: 'Total Attendees',
type: 'integer'
}
]
}
]
I noticed that while I was logged in as admin, this worked correctly, but if I logged in as a user in the leader group (who is not an admin), the count would show up, but not the user information. I'm assuming this is because the leader group doesn't have permission to get any users. How would I set it up so that the template either bypasses permissions in this instance, or give leaders permission to view information for any users registered on events?
Thanks!
Upvotes: 2
Views: 71
Reputation: 7572
You can use the filters
property of your join to invoke any cursor method, including permission
, which you can set to false
to allow users to be fetched without regard to the permissions of the current user:
filters: {
// Fetch only basic information to show in table:
projection: {
id: 1,
username: 1,
firstName: 1,
lastName: 1,
email: 1
},
// Ignore permissions for this join:
permission: false
}
```
Upvotes: 3