Code
// Create output object - this object will store all of our output so that
// we can return it easily when required
$pnRender =& new pnRender('Example');
// For caching reasons you must pass a cache ID. This could be done as a
// separate parameter to every method that uses caching (like fetch, is_cached
// etc.) or by assigning the ID to the cache_id property like it is done in
// this case.
// The item ID is appropriate to be used as the cache ID.
$pnRender->cache_id = $tid;
// check out if the contents are cached.
// If this is the case, we do not need to make DB queries.
// Note that we print out "cached:" in front of a chached output --
// of course, this is here to illustrate caching and needs to be removed!
if ($pnRender->is_cached('example_user_display.htm')) {
return 'cached:' . $pnRender->fetch('example_user_display.htm');
}
// The API function is called. The arguments to the function are passed in
// as their own arguments array
$item = pnModAPIFunc('Example',
'user',
'get',
array('tid' => $tid));
// we can return it easily when required
$pnRender =& new pnRender('Example');
// For caching reasons you must pass a cache ID. This could be done as a
// separate parameter to every method that uses caching (like fetch, is_cached
// etc.) or by assigning the ID to the cache_id property like it is done in
// this case.
// The item ID is appropriate to be used as the cache ID.
$pnRender->cache_id = $tid;
// check out if the contents are cached.
// If this is the case, we do not need to make DB queries.
// Note that we print out "cached:" in front of a chached output --
// of course, this is here to illustrate caching and needs to be removed!
if ($pnRender->is_cached('example_user_display.htm')) {
return 'cached:' . $pnRender->fetch('example_user_display.htm');
}
// The API function is called. The arguments to the function are passed in
// as their own arguments array
$item = pnModAPIFunc('Example',
'user',
'get',
array('tid' => $tid));
In the above code the items permissions are checked in the API function. This happens after the caching check. From my understanding if someone with permissions accesses the item it is cached. Then, when someone without permissions accesses the item it is retrieved from the cache, despite them not having permissions!
How can this be fixed? I can't check ther permissions first as I don't have the item name, just its ID. So to get the name I'd need to call the DB, which kinda defeats the whole point of caching it in the first place...?
If anyone can explain this to me I'd appreciate it...
Thanks
edited by: adamjjackson, Aug 10, 2006 - 07:23 PM
