Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
0 + 6 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
   

Re: Lock the webmaster group?
by Peekay on 2007/7/27 9:10:32

Set up an 'executives' group and allow them system admin rights to 'Edit User, but NOT 'Groups'.

Also give them module admin rights for 'Group Manager'.

Set the Group Manager module config as below.

Quote:

Permissions for each group

Webmasters (all)
Registered Users (none)
Anonymous Users (none)
Executives [ ]Webmasters [x]Reg Users [x]Anon Users [x]Executives

Groups allowed to change permissions

Webmasters (all)
Registered Users (none)
Anonymous Users (none)
Executives (none)

The top panel settings mean:

Webmaster to do anything in ALL groups
Registered Users can do nothing
Anonymous users can do nothing
Executives group don't have permission to change the 'Webmasters' group (leave un-checked), so they can't add webmasters or REMOVE the webmaster. They can however move users around in the 'Reg Users' and 'Anon Users' and 'Executives' groups. So you can say to clients "create your new user, then open the groups module and add them to the group you want".

The bottom panel just sets who can change the above, so webmasters 'all', others 'none'.

HTH
Re: Lock the webmaster group?
by script_fu on 2007/7/26 22:52:28

This module looks very good. I have it installed but must not be setting it right.

I have...

--------------

Permission for each Group
Set which groups each group can change

Webmasters

Webmasters = + or -
Registered Users = + or -
Anonymous Users = + or -
Administrator = + or -
All = + or -

Registered Users

Webmasters = + or -
Registered Users = + or -
Anonymous Users = + or -
Administrator = + or -
All = + or -

Anonymous Users

Webmasters = + or -
Registered Users = + or -
Anonymous Users = + or -
Administrator = + or -
All = + or -

Administrator

Webmasters = + or -
Registered Users = + or -
Anonymous Users = + or -
Administrator = + or -
All = + or -


---------------------
And
---------------------


Groups allowed to change permissions
Select which groups can change these permissions

Webmasters

Can Change Permissions All = + or -

Registered Users

Can Change Permissions All = + or -

Anonymous Users

Can Change Permissions All = + or -

Administrator

Can Change Permissions All = + or -

-------------

How would I lock down system module access for "Administrator" only?

Could you please answer + for a check mark or minus for no check mark.

I hope this makes sense...
Re: Lock the webmaster group?
by Peekay on 2007/7/26 19:54:59

OR...

Just get the brilliant 'Groups' module from kaotik

http://www.kaotik.biz/download/groups_module.rar

No core file hacks required. With this you can disable 'groups' permissions for the 'executives' group and after adding a new member via 'edit user' they can put them into groups using the module. Prevents access to the webmaster account too.

Excellent work
Re: Lock the webmaster group?
by Peekay on 2007/7/19 10:21:53

Mission accomplished!

This is only for situations where you do not want clients creating groups and messing with the site. It is a hack (only two files changed) but you will need to re-apply for future upgrades of Xoops.

* Create a new group, e.g. 'executives'.
* Give the group system admin rights for 'Groups' and 'Edit Users'.
* Add the following hacks (backup first of course).

This will enable member(s) of the executives group to:

* Create new users and change their groups via the 'Edit Users' screen.

It will prevent the executives group from:

* Changing the webmaster details or password.
* Moving the webmaster into another group and removing them from webmaster group.
* Creating a new group with system admin rights.


Lock the Webmaster (UID 1) details

modules/system/admin/users/users.php

Part 1) Add as the first entry in 'function updateUser($uid, $uname, $name.....'

le="color: #000000"><?php // Peekays Lock Webmaster hack (part 1) --------------------------- // modules/system/admin/users/users.php // First entry in 'function updateUser($uid, $uname, $name.....' if(in_array(XOOPS_GROUP_ADMIN, $groups)) { global $xoopsUser; $peekay = $xoopsUser->getVar('uid'); if ($peekay != 1) { xoops_cp_header(); echo 'You cannot edit or add users to the webmaster account'; xoops_cp_footer(); exit(); } } // end pk mod -----------------------------------------------------


Part 2) Around line 232 look for:

le="color: #000000"><?php array_push($groups, XOOPS_GROUP_ADMIN); }


Add directly below this:


le="color: #000000"><?php // Peekay's Lock Webmaster hack (part 2) ------------------------------------------------ // modules/system/admin/users/users.php // Around line 232 (xoops 2.0.16) add directly below: // array_push($groups, XOOPS_GROUP_ADMIN); // } if (in_array(XOOPS_GROUP_ADMIN, $oldgroups) && !(in_array(XOOPS_GROUP_ADMIN, $groups))) { array_push($groups, XOOPS_GROUP_ADMIN); } // end pk mod ---------------------------------------------------------------------------



Lock access to Groups except for the Webmaster

modules/system/admin/groups/groups.php

Add the following at the top of the page:

le="color: #000000"><?php // Peekays lock groups hack ------------------------------ // modules/system/admin/groups/groups.php // First entry on the page $peekay = $xoopsUser->getVar('uid'); if ($peekay != 1) { xoops_cp_header(); echo 'Only the webmaster can add or edit groups'; xoops_cp_footer(); exit(); } // end pk mod --------------------------------------------


Please note: There is a bug in XOOPS 2.0.16 that prevents a NEW user from being added to a custom group when the user is first added in the 'Edit Users' screen. Once the user has been created, you must 'edit' the user details, select the appropriate groups, then save again.

Apparently, this issue is being addressed.

I agree this functionality would be better served via a module or system prefs. In the meantime I hope this is helpful. If you spot any errors or have any improvements, please post them here.
Re: Lock the webmaster group?
by rlankford on 2007/7/19 9:29:31

My only thought to all this is that the functionality would probably be better served if someone (I know, I know, who has the time?) created a module that did nothing but allow people to edit groups/users on the front side of the website. Creating this module would probably involve copying and modifying a lot of the code already on the admin side of the XOOPS core.

The advantage of this method would be that you wouldn't have to hack the XOOPS core at all. You could install/un-install this feature in a couple of minutes at will. Finally, it would be great if you could configure the new module quickly and easily so that you could specify *who* could access the module. Maybe even specify who could add/remove folks from groups on a group-by-group basis.

And in fact, I know the recent move was to pull out any default modules that came with Xoops. But I think modules like the old "members" module (and this one), would make sense to have back in the XOOPS core install package again. Specifically, those modules that simply extended admin features/functions to the front side of a XOOPS site could (should?) be included in the default XOOPS package, IMO.

It'd probably take some time and thought to get worked out right, but it'd really be pretty neat in the end...

Who's Online

194 user(s) are online (133 user(s) are browsing Support Forums)


Members: 0


Guests: 194


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits