Thread

I have a site where a special member group ‘Staff Admins’ is able to create entries on behalf of other users if needed. The problem I’m having though is being able to specify the ‘author_id’. I’ve tried is as a hidden input, as a parameter and using jquery to overwrite the hidden fields value that is created by the form.

When I do get somewhat there with the jquery tweak (ie. checking the input using the inspector show’s that it has the correct author_id), I’m running into a ‘The selected author is invalid’ error upon submission.

Checking permissions/security on the Member Group shows that I have full privileges to do what I need to do.

Any clarification available from EL on this?

(Site is running v2.4 at this stage - upgrading to v2.5.2 is problematic as we’re about to go live).

Hi Brendan,

There are some tricks you can play on SafeCracker if you are sneaky, and sometimes they work!

In the Control Panel publish page, the value is stored as “author” not author_id. It has proven possible in the past to take these field names and hardcode them into SafeCracker forms for the desired result.

If you need to reassign the author of an entry, try using “author” as the name of the field and supplying the author ID you want to reassign.

Cheers,

Hi Dan

Dragging this up from the depths, it was actually ‘author_id’ as the hidden input, but unfortunately the person creating the new entry needs to be in the Super Admin group, otherwise they trigger the ‘invalid_author’ (The selected author is invalid.) error upon publishing, even though another Member Group has their settings set to allow editing of others entries.

Think the line in the Api_channel_entries.php is around 1246 where it’s looking to authenticate against Super Admin group only as the exception:

if ($data['author_id'] != $this->EE->session->userdata('member_id') && $this->EE->session->userdata('group_id') != 1)

Any ideas how I might circumvent this problem I have?

Cheers
Brendan

Hi Brendan,

Looks like what you’re looking to do isn’t a supported feature of SafeCracker right now, and we can’t recommend a hack to the code to enable it. It’s a security precaution that you’d need to disable to get it to work, and we need to do our due diligence before approving something like that. I’d be happy to move this thread over to the Feature Request forum if you’d like. That way our developers can see it as a proposal when they comb through the forum. Would you like me to do that?

I think I may have got an answer from the same question I posted on Stackoverflow:

http://stackoverflow.com/questions/13338644/setting-dynamic-author-id-on-safecracker-form-as-non-super-admin-group

Basically I had to set the ‘Include Members in PUBLISH page multi-author list?’ to ‘Yes’ for the target users member group and this allowed me to save the entry and have it assigned to the correct user. Now the problem I have is that there’s a potential author list of over 8000 users, which is going to provide problematic.

Hi Bibbulmun Track Foundation,

Thank for sharing the solution you found on StackOverflow!

Thanks!

Cheers,