Permissions

Found a bug? Tell us!!
Post Reply
sir17
Regular
Posts: 8
Joined: Tue Feb 28, 2006 2:55 pm
Contact:

Permissions

Post by sir17 » Tue Feb 28, 2006 3:05 pm

On the demo http://demo.s9y.eparticipation.com I am creating, I want to set up a really basic user, that can write basic articles but has no access to other features. The permissions for the event plugins seem to not work correctly. Can't save them from the configure plugins menu. I changed the permissions in mysql so I am the only person who can use static pages, email submission etc. but all of these features are still available for everybody. Am I missing something?
Thanks for your help again.
Chris

User avatar
garvinhicking
Core Developer
Posts: 30020
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Permissions

Post by garvinhicking » Tue Feb 28, 2006 3:36 pm

Hi!

Actually the permissions in the plugin configuration will only be saved if you change the dropdown and check the checbkox next to it and then click on "Save".

However, those permissions do not affect accessibility of a plugin, they only indicate which user is the owner of a plugin and is able to CONFIGURE the plugin, not USE it.

Most of the plugins like static pages do not have a permission management so they are available to all users. Some other plugins only show their content to Chief editor or Admin users.

For plugins like the staticpage plugin you would need to edit the PHP file to make it viewable for specific users only.

All plugin PHP files contain a statement like this:

Code: Select all

                case 'backend_sidebar_entries':
                    $this->setupDB();
                    echo '<li><a href="?serendipity[adminModule]=event_display&amp;serendipity[adminAction]=staticpages">' . STATICPAGE_TITLE . '</a></li>';
                    break;


You could modify this to:

Code: Select all

                case 'backend_sidebar_entries':
                    if ($serendipity['authorid'] != 1) return true;
                    $this->setupDB();
                    echo '<li><a href="?serendipity[adminModule]=event_display&amp;serendipity[adminAction]=staticpages">' . STATICPAGE_TITLE . '</a></li>';
                    break;


To only make the static page functionality available for Author #1.

Most of the plugins are going through changing for supporting user permissions in the past and future, so it is only a matter of time until this gets widely adopted.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

sir17
Regular
Posts: 8
Joined: Tue Feb 28, 2006 2:55 pm
Contact:

Thanks

Post by sir17 » Tue Feb 28, 2006 3:45 pm

that's great, thanks

Post Reply