Filtering Member List from Multiple Member Groups?

10

On a site I took over from another developer, I need to output a list of members from multiple member groups (Staff, Editors, Super Admins) but only one Super Admin member needs to show in it.

The current implementation uses an obscure plugin — it might be a custom add-on as I can't find it via Google — to list members in the Staff and Editors groups. The need to show a single member of the Super Admin member is a new requirement.

If possible, I would like to avoid using an exclude by member_id approach — that is filtering by a list of member_ids that I do not want to show. Instead, I would like to include by member_id, so only that one specified member is listed. So more {if member_id == ""} and not {if member_id != "}, but with the need to show all members in the other two groups.

Going that route, as new Super Admins are added (which is very infrequently) I won't have to revisit the project to add yet another member_id exclusion.

but an include by member_id, so only a specific Super Admin will show in the list. That way, as new Super Admins are added (which is very infrequently) I won't have to revisit the project to add another exclusion.

Any thoughts?

Brooks Seymore

Posted 2012-11-20T23:48:11.077

Reputation: 580

Can you clarify your question? Your first sentence doesn't entirely make sense. – Adrian Macneil – 2012-11-21T00:37:06.960

You're right, it was a bit unclear. Rewrote the bulk of my question so it should be clearer now. – Brooks Seymore – 2012-11-21T01:25:07.437

Answers

8

There are probably multiple ways to accomplish this but the Query module has really become my go-to when there are specialized requirements for the data I want to display, or when there aren't obvious ways to do something with regular EE tags.

Here is an example of what I think you are asking for. Show all the members for a couple member groups (add more if needed) and also for a single suepradmin, selecting that member by id.

{exp:query sql=
    "SELECT screen_name, group_title
    FROM exp_members
    JOIN exp_member_groups ON exp_member_groups.group_id = exp_members.group_id
    WHERE exp_members.group_id = 6 OR exp_members.group_id = 7 OR exp_members.member_id = 1"
}
    <li>{screen_name}, {group_title}</li>
{/exp:query}

This would output something like

<li>Willie Nelson, Super Admins</li>
<li>Johnny Cash, Staff</li>
<li>Merle Haggard, Staff</li>
<li>Doc Watson, Editors</li>
<li>Ralph Stanley, Editors</li>

UPDATE

It's been mentioned in the comments below, and in this answer, that the Query module does not escape data so is unsafe for queries containing user input such as segment data. One of the suggested alternatives is to use the Active Record plugin instead, which does escape data.

With that in mind, and even though there is no user input in this particular query, here is the same query using the Active Record plugin instead of the Query module:

{exp:activerecord
    select="screen_name, group_title"
    from="members"
    join="exp_member_groups"
    on="exp_member_groups.group_id = exp_members.group_id"
    where_in:exp_members.group_id="6|7"
    or_where_in:exp_members.member_id="1"
}
    <li>{screen_name}, {group_title}</li>
{/exp:activerecord}

Alex Kendrick

Posted 2012-11-20T23:48:11.077

Reputation: 7 896

1This sounds like it's nearly exactly what the custom plugin is doing. Overall I recommend using custom plugins instead of the query plugin - it is more maintainable and safer to do so. – Isaac Raway – 2012-11-21T02:40:43.007

@IsaacRaway I see the maintainability aspect. Curious, though, what's the safety aspect? – Alex Kendrick – 2012-11-21T03:02:42.657

@AlexKendrick Ah, that looks like it should work perfectly, you even have the group_ids correct. :-) Appreciate the help! – Brooks Seymore – 2012-11-21T05:26:08.343

@IsaacRaway Not quite. The list was showing all of the Staff and Editors only. The new requirement to include a specific Super Admin is why I looking for a better solution.

Like Alex, I'm also curious about the safety aspect of a plugin vs a query. – Brooks Seymore – 2012-11-21T05:29:18.527

1The safety aspect Isaac alludes to is that if you're taking user input (like via segment data), the query plugin will NOT auto-escape that. If you don't feel like writing a custom plugin, you can get around the safety problem by using Rob Sanchez' Active Record plugin, which does escape data. – adrienne – 2012-11-21T16:34:54.080

@adrienne Oh wow. I totally thought segment data was safe to use this way. Is there a reference you could point me to? – Alex Kendrick – 2012-11-21T17:35:46.757

@AlexKendrick I first learned about the problem from Isaac Raway. I have just put some further info in an answer over at this question: http://expressionengine.stackexchange.com/questions/192/custom-plugins-vs-query-tags-advantages-and-implementation

– adrienne – 2012-11-21T22:05:27.230

@AlexKendrick segment data might be SAFER than other kinds of user-entered data, simply because I think EE might filter some characters out of valid segments. But I wouldn't stake my website on it. – adrienne – 2012-11-21T22:11:12.340